Headline
CVE-2023-0950: CVE-2023-0950 | LibreOffice - Free Office Suite - Based on OpenOffice
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.
Discover
Download
Get Help
Improve it
Events
About Us
Donate
About Us /
Security /
Security Advisories /
CVE-2023-0950
CVE-2023-0950
Title: Array Index UnderFlow in Calc Formula Parsing
Announced: May 24, 2023
Fixed in: LibreOffice 7.4.6/7.5.2
Description:
The Spreadsheet module of LibreOffice supports various formulas that take multiple parameters. The formulas are interpreted by ‘ScInterpreter’ which extract the required parameters for a given formula off a stack.
In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that the arbitrary code could be executed.
In versions >= 7.4.6 (and >= 7.5.2) the count of parameters is validated
Credits:
- Secusmart GmbH for discovering and reporting the issue
- Eike Rathke of Red Hat, Inc. for a solution
Related news
Gentoo Linux Security Advisory 202311-15 - Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution. Versions greater than or equal to 7.5.3.2 are affected.
Ubuntu Security Notice 6144-1 - It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute arbitrary code. Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user before loading the host document inside an IFrame. If a user were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause information disclosure or execute arbitrary code.
Debian Linux Security Advisory 5415-1 - Two security issues were discovered in LibreOffice, which could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame.