PT-2023-2959 · Document Foundation+9 · Libreoffice+9

Amel Bouziane-Leblond · Published 2023-05-24 · Updated 2025-11-12 · CVE-2023-2255

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LibreOffice versions prior to 7.4.7
LibreOffice versions prior to 7.5.3

Description

The issue is related to improper access control in the editor components of LibreOffice, allowing an attacker to craft a document that loads external links without prompting the user for permission. This affects documents that use "floating frames" linked to external files, which would load the contents of those frames without user consent. This behavior is inconsistent with how other linked content is handled in LibreOffice.

Recommendations

For LibreOffice versions prior to 7.4.7, update to version 7.4.7 or later. For LibreOffice versions prior to 7.5.3, update to version 7.5.3 or later. As a temporary workaround, consider avoiding the use of "floating frames" linked to external files until a patch is applied.
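
To support the workaround on systems that cannot be patched yet, the following added example (not part of the advisory or of LibreOffice) lists floating frames in a zipped ODF document whose link points outside the package. The `draw:floating-frame` element and `xlink:href` attribute come from the OpenDocument specification rather than from this page; the function names and the sample input are constructed for illustration, and flat-XML files (`.fodt`) are not handled.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# ODF namespaces (from the OpenDocument specification, not from the advisory).
DRAW = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK = "http://www.w3.org/1999/xlink"
PARTS = ("content.xml", "styles.xml")  # package parts that can carry frames

def points_outside_package(href):
    """True for URLs with a scheme and for paths that leave the package."""
    href = href.strip()
    return bool(urlsplit(href).scheme) or href.startswith(("/", "../"))

def find_linked_floating_frames(odf_bytes):
    """Return (part, href) for each floating frame linked outside the package."""
    hits = []
    # For untrusted input at scale, swap in a hardened parser such as defusedxml.
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        names = set(pkg.namelist())
        for part in PARTS:
            if part not in names:
                continue
            root = ET.fromstring(pkg.read(part))
            for frame in root.iter(f"{{{DRAW}}}floating-frame"):
                href = frame.get(f"{{{XLINK}}}href", "")
                if points_outside_package(href):
                    hits.append((part, href))
    return hits

def build_sample(href):
    """Constructed input: a bare package holding one floating frame."""
    xml = (f'<doc xmlns:draw="{DRAW}" xmlns:xlink="{XLINK}"><draw:frame>'
           f'<draw:floating-frame xlink:href="{href}"/></draw:frame></doc>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    for href in ("https://example.invalid/page.html", "../other.odt", "./Object 1"):
        print(href, "->", find_linked_floating_frames(build_sample(href)))
```

Documents that produce hits can be held back or opened only on a patched installation.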

Related Identifiers

ALSA-2023:6508
ALSA-2023:6933
ALSA-2023_6508
ALSA-2023_6933
ALSA-2024_1427
ALSA-2024_1514
ALSA-2024_3835
ALT-PU-2023-1920
ALT-PU-2023-2047
ALT-PU-2023-5557
ALT-PU-2024-1179
BDU:2023-02968
CESA-2023_6933
CVE-2023-2255
DLA-3526-1
DSA-5415-1
ELSA-2023-6508
ELSA-2023-6933
MGASA-2023-0194
RHSA-2023:6508
RHSA-2023:6933
RHSA-2023_6508
RHSA-2023_6933
SUSE-FU-2023:3413-1
SUSE-FU-2023:3696-1
SUSE-SU-2024:0075-1
SUSE-SU-2024_0075-1
USN-6144-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
LibreOffice
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu