CVE-2023-0950

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2023-0950
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-05-25 20:15:00 UTC
Updated2023-11-26 09:15:00 UTC
DescriptionImproper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.

Risk And Classification

Problem Types: CWE-129

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Application Libreoffice Libreoffice All All All All

References

ReferenceSourceLinkTags
[SECURITY] [DLA 3526-1] libreoffice security update MLIST lists.debian.org
CVE-2023-0950 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft MISC www.libreoffice.org
LibreOffice: Multiple Vulnerabilities (GLSA 202311-15) — Gentoo security security.gentoo.org
Debian -- Security Information -- DSA-5415-1 libreoffice DEBIAN www.debian.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Secusmart GmbH for discovering and reporting the issue

LEGACY: Eike Rathke of Red Hat, Inc. for a solution

Legacy QID Mappings

  • 161108 Oracle Enterprise Linux Security Update for libreoffice (ELSA-2023-6508)
  • 161160 Oracle Enterprise Linux Security Update for libreoffice (ELSA-2023-6933)
  • 181810 Debian Security Update for libreoffice (DSA 5415-1)
  • 181886 Debian Security Update for libreoffice (CVE-2023-0950)
  • 199401 Ubuntu Security Notification for LibreOffice Vulnerabilities (USN-6144-1)
  • 242331 Red Hat Update for libreoffice (RHSA-2023:6508)
  • 242463 Red Hat Update for libreoffice (RHSA-2023:6933)
  • 6000042 Debian Security Update for libreoffice (DLA 3526-1)
  • 710798 Gentoo Linux LibreOffice Multiple Vulnerabilities (GLSA 202311-15)
  • 755597 SUSE Enterprise Linux Security Update for LibreOffice (SUSE-SU-2024:0075-1)
  • 941382 AlmaLinux Security Update for libreoffice (ALSA-2023:6508)
  • 941442 AlmaLinux Security Update for libreoffice (ALSA-2023:6933)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report