Two vulnerabilities in LibreOffice published [31.05.23]
The developers of LibreOffice have published information about two vulnerabilities in their office software.
- The first vulnerability allows an attacker to create a document with a formula that contains fewer parameters than the formula interpreter expects when passing it. When processed in Calc, arbitrary code could then be executed due to an array index underflow. This vulnerability affects LibreOffice versions 7.4. before 7.4.6 and versions 7.5. before 7.5.1.
- Due to the second vulnerability, linked objects in documents with "floating frames" are updated without further prompting when opened. Attackers could create a document that allows external links to be loaded without prompting. Affected are LibreOffice versions 7.4. before 7.4.7 and versions 7.5 before 7.5.3.
It is recommended to install the latest versions 7.4.7 and 7.5.3.
Do you have questions or comments about this site? contact form