CVE-2023-2255

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2023-2255
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-05-25 20:15:00 UTC
Updated2023-11-26 09:15:00 UTC
DescriptionImproper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 11.0 All All All
Application Libreoffice Libreoffice All All All All

References

ReferenceSourceLinkTags
CVE-2023-2255 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft MISC www.libreoffice.org
[SECURITY] [DLA 3526-1] libreoffice security update MLIST lists.debian.org
LibreOffice: Multiple Vulnerabilities (GLSA 202311-15) — Gentoo security security.gentoo.org
Debian -- Security Information -- DSA-5415-1 libreoffice DEBIAN www.debian.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Amel Bouziane-Leblond for discovering and reporting the issue

Legacy QID Mappings

  • 161108 Oracle Enterprise Linux Security Update for libreoffice (ELSA-2023-6508)
  • 161160 Oracle Enterprise Linux Security Update for libreoffice (ELSA-2023-6933)
  • 181810 Debian Security Update for libreoffice (DSA 5415-1)
  • 182522 Debian Security Update for libreoffice (CVE-2023-2255)
  • 199401 Ubuntu Security Notification for LibreOffice Vulnerabilities (USN-6144-1)
  • 242331 Red Hat Update for libreoffice (RHSA-2023:6508)
  • 242463 Red Hat Update for libreoffice (RHSA-2023:6933)
  • 6000042 Debian Security Update for libreoffice (DLA 3526-1)
  • 710798 Gentoo Linux LibreOffice Multiple Vulnerabilities (GLSA 202311-15)
  • 755597 SUSE Enterprise Linux Security Update for LibreOffice (SUSE-SU-2024:0075-1)
  • 941382 AlmaLinux Security Update for libreoffice (ALSA-2023:6508)
  • 941442 AlmaLinux Security Update for libreoffice (ALSA-2023:6933)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report