Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185
Created libreoffice tracking bugs for this issue: Affects: fedora-all [bug 2254004]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:1480 https://access.redhat.com/errata/RHSA-2024:1480
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2024:1512 https://access.redhat.com/errata/RHSA-2024:1512
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1514 https://access.redhat.com/errata/RHSA-2024:1514
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1513 https://access.redhat.com/errata/RHSA-2024:1513
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:3304 https://access.redhat.com/errata/RHSA-2024:3304
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3835 https://access.redhat.com/errata/RHSA-2024:3835