Vulnerability Details : CVE-2023-0950
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.
Products affected by CVE-2023-0950
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
- cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0950
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0950
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2023-0950
-
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.Assigned by:
- nvd@nist.gov (Primary)
- security@documentfoundation.org (Secondary)
References for CVE-2023-0950
-
https://security.gentoo.org/glsa/202311-15
LibreOffice: Multiple Vulnerabilities (GLSA 202311-15) — Gentoo security
-
https://www.debian.org/security/2023/dsa-5415
Debian -- Security Information -- DSA-5415-1 libreofficeThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html
[SECURITY] [DLA 3526-1] libreoffice security update
-
https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950
CVE-2023-0950 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with MicrosoftVendor Advisory
Jump to