LibreOffice Vulnerability Allows Script Execution

Two high-severity vulnerabilities have recently been disclosed in the free office suite LibreOffice. Both are fixed in the latest updates, LibreOffice 7.6.4 and 7.5.9.

The first vulnerability, CVE-2023-6186, allows execution of an arbitrary script when a user clicks a specially crafted link in a document. In certain scenarios, such a link can trigger built-in macros or internal commands without a warning being displayed first.

The second vulnerability, CVE-2023-6185, allows arbitrary plugins of the GStreamer multimedia framework to be run on the Linux platform. It is triggered by opening a document that contains a specially crafted embedded video. The issue arises from insufficient escaping of the video's file name before it is passed to GStreamer.

Users are urged to update LibreOffice to version 7.6.4 or 7.5.9 to eliminate these vulnerabilities and keep their systems secure.
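To check installed versions against the fixed releases named above, the following added example (not code from LibreOffice or from this article's sources) classifies version banners collected from workstations. It assumes the banner has the form `LibreOffice X.Y.Z...` as printed by `soffice --version`, and that branches newer than 7.6 already contain the fixes; the hostnames and banners are constructed samples.

```python
import re

# Fixed releases named in the article, keyed by release branch (major, minor).
FIXED = {(7, 5): 9, (7, 6): 4}

# Assumed banner shape: "LibreOffice 7.6.4.1 <build info>".
_VERSION_RE = re.compile(r"LibreOffice\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, micro) from a version banner, or None."""
    match = _VERSION_RE.search(banner)
    return tuple(int(g) for g in match.groups()) if match else None


def classify(banner):
    """Classify one banner as 'fixed', 'update-required' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # no parsable version: needs manual follow-up
    branch, micro = version[:2], version[2]
    if branch in FIXED:
        return "fixed" if micro >= FIXED[branch] else "update-required"
    # Assumption: branches newer than 7.6 include the fixes. Older branches
    # have no fixed release named in the article, so they need an upgrade.
    return "fixed" if branch > max(FIXED) else "update-required"


def audit(inventory):
    """Map host -> classification for (host, banner) pairs."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (illustrative hosts and banners).
SAMPLE = [
    ("ws-01", "LibreOffice 7.6.4.1 60(Build:1)"),
    ("ws-02", "LibreOffice 7.6.3.2 60(Build:2)"),
    ("ws-03", "LibreOffice 7.5.9.2 50(Build:2)"),
    ("ws-04", "LibreOffice 7.4.7.2 40(Build:2)"),
    ("ws-05", "sh: soffice: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```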

For more information on these vulnerabilities, refer to the official advisories and the release notes for the recent LibreOffice updates.
