2208506 – (CVE-2023-1183) CVE-2023-1183 libreoffice: Arbitrary File Write

Bug 2208506 (CVE-2023-1183) - CVE-2023-1183 libreoffice: Arbitrary File Write

Summary: CVE-2023-1183 libreoffice: Arbitrary File Write

Keywords:
Status:	NEW
Alias:	CVE-2023-1183
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2208509 2208510 2215918 2208508
Blocks:	2175609
TreeView+	depends on / blocked

Reported:	2023-05-19 09:52 UTC by Marian Rehak
Modified:	2023-07-07 08:30 UTC (History)
CC List:	4 users (show)
Fixed In Version:	libreoffice 7.4.6, libreoffice 7.5.1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2023-05-19 09:52:15 UTC

The issue occurs when LibreOffice executes the database/script file that is part of a base document. If this file contains a command like SCRIPT '../../../../../../../../../../../tmp/ohai', it will write the current contents of the database script to that file once a database connection is established.

Comment 3 Marian Rehak 2023-06-19 11:56:16 UTC

Created libreoffice tracking bugs for this issue:

Affects: fedora-all [bug 2215918]

Comment 4 Gwyn Ciesla 2023-06-20 15:13:12 UTC

I cannot view the embargoed BZ, and thus cannot work on this.

Note You need to log in before you can comment on or make changes to this bug.