CVE-2023-1183: Arbitrary file write
First published: Fri May 19 2023(Updated: )
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/libreoffice | <7.4.6 | 7.4.6 |
| redhat/libreoffice | <7.5.1 | 7.5.1 |
| The Document Foundation LibreOffice | <7.4.6 | |
| The Document Foundation LibreOffice | =7.5.0 | |
| Fedoraproject Fedora | =38 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-1183
- https://bugzilla.redhat.com/show_bug.cgi?id=2208506
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
- http://www.openwall.com/lists/oss-security/2023/12/28/4
- http://www.openwall.com/lists/oss-security/2024/01/03/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2215918
- https://access.redhat.com/errata/RHSA-2023:6508
- https://access.redhat.com/errata/RHSA-2023:6933
Frequently Asked Questions
What is the vulnerability ID of this flaw?
The vulnerability ID of this flaw is CVE-2023-1183.
What is the severity level of CVE-2023-1183?
CVE-2023-1183 has a severity level of 5.5 (medium).
How does CVE-2023-1183 affect Libreoffice?
CVE-2023-1183 affects Libreoffice versions 7.4.6 up to (but excluding) 7.5.1.
How can an attacker exploit CVE-2023-1183?
An attacker can exploit CVE-2023-1183 by crafting an odb file with a "database/script" file containing a SCRIPT command.
Are there any known remedies for CVE-2023-1183?
Yes, upgrading to Libreoffice version 7.5.1 or higher will fix the vulnerability.
- collector/oss-sec
- alias/CVE-2023-1183
- agent/type
- agent/first-publish-date
- source/oss-sec
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/remedy
- agent/title
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-latest
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- package-manager/redhat
- vendor/libreoffice
- canonical/the document foundation libreoffice
- version/the document foundation libreoffice/7.5.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0