Two critical vulnerabilities have been discovered in the popular free office suite that could allow attackers to execute malicious scripts or plugins on your computer. These vulnerabilities have been assigned a high 8.3 out of 10 severity rating, making them a significant threat to user security.
How the vulnerabilities work
CVE-2023-6186: This vulnerability allows attackers to execute arbitrary scripts when a user clicks on a specially crafted link within a document. This link can be disguised to appear harmless, tricking users into clicking it. When clicked, the script can be used to steal sensitive information, install malware, or take other malicious actions.
CVE-2023-6185: This vulnerability allows attackers to execute arbitrary plugins for the Gstreamer multimedia framework on Linux systems. This can be achieved by embedding a specially designed video within a document. When the video is opened, the malicious plugin can be used to gain access to the user’s system or perform other harmful actions. This is a likely case in the LibreOffice Impress presentation program where users embed videos.
Why these are important?
These vulnerabilities are particularly serious because they can be easily exploited by attackers. All an attacker needs to do is create a malicious document and trick a user into opening it. Once the document is opened, the attacker can gain control of the user’s computer.
This is a major concern for anyone who uses LibreOffice, as it is a popular office suite used by millions of people around the world. The vulnerabilities could be used to target individuals, businesses, or even governments.
Already patched
Fortunately, LibreOffice has released updates that fix these vulnerabilities. Users are strongly urged to update to the latest version of LibreOffice as soon as possible.
Here are the latest versions of LibreOffice that address these vulnerabilities:
- LibreOffice 7.6.4
- LibreOffice 7.5.9
In addition to updating LibreOffice, you can also take the following steps to protect yourselves:
- Be careful about opening documents from unknown sources.
- Do not click on links in documents that you do not trust.
- Enable the “Macro Security” feature in LibreOffice.
- Use a security software program that can detect and block malware.
We recommend all LibreOffice users update to the latest version of the software as soon as possible to protect themselves from these critical vulnerabilities. The above fixes have already landed in Debian, Ubuntu, and Fedora stable releases.
Recent articles from DebugPoint.com
- Xfce 4.20: Best New Featureson January 4, 2025
- Cinnamon 6.4 Brings Visual Overhaul: Key Featureson December 9, 2024
- elementary OS 8: 10 Best New Featureson December 2, 2024
- Creating Your Own Home Lab: Essential Setup Tips for Tech Enthusiastson November 26, 2024
- Upgrade to Fedora 41 from Fedora 40 Workstation (GUI and CLI)on November 4, 2024