LibreOffice’s Double Vulnerability Threat – CVE-2023-6185 and CVE-2023-6186
LibreOffice is a free and open-source office suite, a powerful alternative to paid options like Microsoft Office. Its roots in the OpenOffice.org project and its cross-platform availability exemplify the triumph of community-driven development. However, this open-source office suite is not without its vulnerabilities, as highlighted by CVE-2023-6185 and CVE-2023-6186.
CVE-2023-6185 (CVSS 8.3) – Improper Input Validation Enabling Arbitrary Gstreamer Pipeline Injection
This vulnerability affects LibreOffice on Linux. Because of improper input validation, attackers can inject malicious code into the GStreamer multimedia framework, which LibreOffice uses to play videos embedded in documents. By exploiting this vulnerability, attackers could potentially:
- Play malicious audio or video content: This could be used to annoy users or spread disinformation.
This vulnerability was discovered by security researcher Reginaldo Silva of ubercomp.com. To stay protected, Linux users are urged to upgrade LibreOffice to version 7.5.9 or 7.6.3.
CVE-2023-6186 (CVSS 8.3) – Link Targets Allow Arbitrary Script Execution
This vulnerability affects LibreOffice on all platforms and allows attackers to execute malicious scripts through specially crafted hyperlinks. These hyperlinks could be embedded within documents or even sent as emails. When a user clicks one of these links, attackers could potentially:
- Run malicious macros: This could allow them to steal data, install malware, or even delete your files.
- Execute built-in LibreOffice commands: This could be used to perform various actions, such as opening files or modifying settings.
This vulnerability was also discovered by Reginaldo Silva. To stay protected, users on all platforms are urged to upgrade LibreOffice to version 7.5.9 or 7.6.4.
Protecting Yourself:
Here are some additional steps you can take to protect yourself from these vulnerabilities:
- Always keep LibreOffice updated: This ensures that you have the latest security patches.
- Be cautious about opening documents from unknown sources: Only open documents from trusted sources, and be careful about clicking on links within documents.
- Disable macros: This will help to prevent attackers from running malicious macros.
- Use a security solution: A good security solution can help to detect and block malicious attacks.
By following these tips and updating your LibreOffice software, you can help to keep your system safe from these vulnerabilities.
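The fixed versions listed above can be turned into a check over an inventory of installations. The following is an added example, not part of the original article or of LibreOffice's own tooling. The banner format (as printed by `soffice --version`), the host names, and the handling of branches older than 7.5 (treated as unpatched) and newer than 7.6 (treated as patched) are assumptions.

```python
import re

# Fixed releases per release branch, taken from the article above.
ADVISORIES = {
    "CVE-2023-6185": {"platforms": {"linux"}, "fixed": {(7, 5): (7, 5, 9), (7, 6): (7, 6, 3)}},
    "CVE-2023-6186": {"platforms": None, "fixed": {(7, 5): (7, 5, 9), (7, 6): (7, 6, 4)}},
}

def parse_version(banner):
    """Extract (major, minor, micro) from a banner like 'LibreOffice 7.5.8.2 50(Build:2)'."""
    match = re.search(r"LibreOffice\s+(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError(f"no LibreOffice version found in {banner!r}")
    return tuple(int(part) for part in match.groups())

def unpatched_cves(banner, platform):
    """Return the CVEs from the article that this installation is still missing fixes for."""
    version = parse_version(banner)
    branch = version[:2]
    missing = []
    for cve, advisory in ADVISORIES.items():
        platforms, fixed = advisory["platforms"], advisory["fixed"]
        if platforms is not None and platform.lower() not in platforms:
            continue  # this CVE does not apply to the platform
        if branch in fixed:
            if version < fixed[branch]:
                missing.append(cve)
        elif branch < min(fixed):
            # Assumption: branches older than 7.5 receive no fix and count as unpatched.
            missing.append(cve)
        # Assumption: branches newer than 7.6 already ship both fixes.
    return missing

# Constructed inventory: (host, platform, output of `soffice --version`).
INVENTORY = [
    ("host-a", "linux", "LibreOffice 7.5.8.2 50(Build:2)"),
    ("host-b", "linux", "LibreOffice 7.6.3.2 60(Build:2)"),
    ("host-c", "windows", "LibreOffice 7.6.2.1 60(Build:1)"),
    ("host-d", "linux", "LibreOffice 7.6.4.1 60(Build:1)"),
]

if __name__ == "__main__":
    for host, platform, banner in INVENTORY:
        missing = unpatched_cves(banner, platform)
        print(f"{host}: {', '.join(missing) if missing else 'patched'}")
```

Note that a Linux host on 7.6.3 is covered for CVE-2023-6185 but still needs 7.6.4 for CVE-2023-6186.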