Information has been disclosed about two vulnerabilities in the free office suite LibreOffice, the more dangerous of which potentially allows code execution when a specially crafted document is opened. The first vulnerability was fixed without much publicity in the March releases 7.4.6 and 7.5.1, and the second in the May updates LibreOffice 7.4.7 and 7.5.3.
The first vulnerability (CVE-2023-0950) potentially allows code to be executed on the system when opening a spreadsheet that includes specially modified formulas, such as AGGREGATE, that are passed fewer parameters than expected. The problem is caused by an array index underflow in the formula parsing code (ScInterpreter) used in spreadsheet processing.
The second vulnerability (CVE-2023-2255) allows an attacker to prepare a specially crafted document that, when opened, loads external links without prompting or warning. This does not match the declared behavior of LibreOffice, which is to show a warning when loading linked content. The issue is caused by a bug in the permission request code when using the "Floating Frames" mechanism, which is similar to an iframe in HTML and allows the content of external files to be dynamically included in the document.
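A defender-side check for the floating-frame issue described above, as an added example that is not code from LibreOffice or from the original article: it lists the floating frames in an ODF package whose target lies outside the document. It assumes the ODF element `draw:floating-frame` with an `xlink:href` attribute and zipped (not flat-XML) documents; the function names, the size cap and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

DRAW = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK = "http://www.w3.org/1999/xlink"
MAX_XML_BYTES = 50 * 1024 * 1024  # assumed cap against decompression bombs

def is_external(href):
    """True unless href points inside the document package (e.g. './Object 1')."""
    if href.startswith(("//", "\\\\", "/", "../")):
        return True
    return bool(urlparse(href).scheme)  # http:, file:, also drive letters like C:

def external_floating_frames(odf_bytes):
    """List xlink:href targets of draw:floating-frame elements that leave the package."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for name in ("content.xml", "styles.xml"):
            try:
                info = zf.getinfo(name)
            except KeyError:
                continue  # member absent from this package
            if info.file_size > MAX_XML_BYTES:
                raise ValueError(f"{name} is suspiciously large")
            # Stdlib parser for brevity; use a hardened XML parser on hostile input.
            root = ET.fromstring(zf.read(name))
            for frame in root.iter(f"{{{DRAW}}}floating-frame"):
                href = frame.get(f"{{{XLINK}}}href", "")
                if href and is_external(href):
                    hits.append(href)
    return hits

def build_sample():
    """Constructed test document: one embedded frame, one external frame."""
    content = (
        f'<doc xmlns:draw="{DRAW}" xmlns:xlink="{XLINK}">'
        '<draw:frame><draw:floating-frame xlink:href="./Object 1"/></draw:frame>'
        '<draw:frame><draw:floating-frame '
        'xlink:href="https://example.invalid/frame.html"/></draw:frame>'
        '</doc>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", content)
    return buf.getvalue()

if __name__ == "__main__":
    print(external_floating_frames(build_sample()))
```

A non-empty result means the document would pull in content from outside its own package, which is worth reviewing on mail gateways or file shares that still serve unpatched LibreOffice installations.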
Source: opennet.ru
