CVE-2023-6186

Name
CVE-2023-6186
Description
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@documentfoundation.org https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186
security@documentfoundation.org https://www.debian.org/security/2023/dsa-5574
security@documentfoundation.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/
security@documentfoundation.org https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:* libreoffice >= 7.5.0 < 7.5.9
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:* libreoffice >= 7.6.0 < 7.6.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libreoffice 3.19-community 7.6.3.1-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable