CVE-2023-6185
Published: 11 December 2023
Summary
CVE-2023-6185 is a high-severity vulnerability in LibreOffice. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 18.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58434
Vulnerability details
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer, enabling an attacker to run arbitrary GStreamer plugins depending on what plugins are installed on the target system.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2023-6185 is an improper input validation vulnerability in LibreOffice's GStreamer integration that allows execution of arbitrary GStreamer plugins via a malformed embedded video filename, enabling exploitation for client-side code execution.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.