CVE-2023-1183

MEDIUM

LibreOffice < 7.4.6 - Path Traversal and Arbitrary File Write via ODB Script Command

Title source: llm

Description

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

References (5)

Core 5

Core References

Patch, Vendor Advisory

https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/

Mailing List

http://www.openwall.com/lists/oss-security/2023/12/28/4

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-1183

Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2208506

Mailing List

http://www.openwall.com/lists/oss-security/2024/01/03/4

Scores

CVSS v3 5.0

EPSS 0.0731

EPSS Percentile 91.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-22 CWE-20

Status published

Products (5)

fedoraproject/fedora 38

libreoffice/libreoffice 7.5.0

libreoffice/libreoffice < 7.4.6

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

Published Jul 10, 2023

Tracked Since Feb 18, 2026