Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libreoffice-7.1.8.1-11.el9 build changelog.

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Arbitrary File Write (CVE-2023-1183)

  - Remote documents loaded without prompt via IFrame (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0075-1 advisory.

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202311-15 (LibreOffice: Multiple Vulnerabilities)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6933 advisory.

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6508 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6933 advisory.

  - libreoffice: Empty entry in Java class path (CVE-2022-38745)

  - libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

  - libreoffice: Arbitrary file write (CVE-2023-1183)

  - libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:6933 advisory.

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6508 advisory.

  - libreoffice: Empty entry in Java class path (CVE-2022-38745)

  - libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

  - libreoffice: Arbitrary file write (CVE-2023-1183)

  - libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3526 advisory.

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6144-1 advisory.

    It was discovered that LibreOffice did not properly validate the number of parameters passed to the     formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a     specially crafted spreadsheet file, an attacker could possibly use this issue to execute arbitrary code.
    (CVE-2023-0950)

    Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user before loading the host document     inside an IFrame. If a user were tricked into opening a specially crafted input file, an attacker could     possibly use this issue to cause information disclosure or execute arbitrary code. (CVE-2023-2255)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5415 advisory.

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
199357	RHEL 9 : libreoffice (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
191157	CentOS 9 : libreoffice-7.1.8.1-11.el9	Nessus	CentOS Local Security Checks	high
187939	SUSE SLED12 / SLES12 Security Update : LibreOffice (SUSE-SU-2024:0075-1)	Nessus	SuSE Local Security Checks	high
186284	GLSA-202311-15 : LibreOffice: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
186134	Oracle Linux 8 : libreoffice (ELSA-2023-6933)	Nessus	Oracle Linux Local Security Checks	high
185872	Oracle Linux 9 : libreoffice (ELSA-2023-6508)	Nessus	Oracle Linux Local Security Checks	high
185684	RHEL 8 : libreoffice (RHSA-2023:6933)	Nessus	Red Hat Local Security Checks	high
185632	CentOS 8 : libreoffice (CESA-2023:6933)	Nessus	CentOS Local Security Checks	high
185155	RHEL 9 : libreoffice (RHSA-2023:6508)	Nessus	Red Hat Local Security Checks	high
179739	Debian DLA-3526-1 : libreoffice - LTS security update	Nessus	Debian Local Security Checks	critical
176885	Ubuntu 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-6144-1)	Nessus	Ubuntu Local Security Checks	high
176674	LibreOffice 7.4 < 7.4.6 / 7.5 < 7.5.2 Array Index UnderFlow (Windows)	Nessus	MacOS X Local Security Checks	high
176672	LibreOffice 7.4 < 7.4.6 / 7.5 < 7.5.2 Array Index UnderFlow (Windows)	Nessus	Windows	high
176445	Debian DSA-5415-1 : libreoffice - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2023-0950

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

critical

high

high

high

high