CVE-2023-0950

HIGH EPSS 21.6%
Published May 25, 20233y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published May 25, 2023 3y ago
Last Modified Jun 17, 2026 1w ago

Description

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
21.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-129

Affected Products 3

VendorProductVersionRange
libreofficelibreoffice*≥7.4.0  –  <7.4.6
libreofficelibreoffice*≥7.5.0  –  <7.5.2
debiandebian_linux10.0any

References 4

  • lists.debian.org https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html
  • security.gentoo.org https://security.gentoo.org/glsa/202311-15
  • debian.org https://www.debian.org/security/2023/dsa-5415
    Third Party Advisory
  • libreoffice.org https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.