Two vulnerabilities in LibreOffice

Details have been disclosed about two vulnerabilities in the open-source office suite LibreOffice, the more dangerous of which could allow code execution when a specially crafted document is opened. The first vulnerability was fixed silently in the March releases of LibreOffice 7.4.6 and 7.5.1, and the second in the May updates of LibreOffice 7.4.7 and 7.5.3.

The first vulnerability (CVE-2023-0950) could allow code execution when opening a spreadsheet that contains specially crafted formulas, such as AGGREGATE, which pass fewer parameters than expected. The problem is caused by an array index underflow in the interpreter code (ScInterpreter) used to process spreadsheets.

The second vulnerability (CVE-2023-2255) allows an attacker to create a specially crafted document that, when opened, loads external links without any prompt or warning. This is inconsistent with LibreOffice's intended behavior, which is to display a warning when loading linked content. The problem is caused by a flaw in the permission-request code when the "Floating Frames" mechanism is used; this mechanism is similar to an HTML iframe and allows the contents of an external file to be embedded in a document.
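For triaging documents received before the May updates were installed, the following added example (not code from LibreOffice or from the original article) lists floating frames in an ODF package and flags those that point outside the package. It relies on the ODF element `draw:floating-frame` and its `xlink:href` attribute; treating `./...` references as in-package is an assumption of this sketch, and the sample document is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DRAW_NS = "urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
XLINK_NS = "http://www.w3.org/1999/xlink"
FRAME_TAG = f"{{{DRAW_NS}}}floating-frame"
HREF_ATTR = f"{{{XLINK_NS}}}href"
PARTS = ("content.xml", "styles.xml")   # styles.xml holds headers/footers
MAX_PART_SIZE = 64 * 1024 * 1024        # refuse oversized (zip-bomb) parts


def is_external(href):
    """Assumption: only "./..." and "#..." refer to the package itself."""
    return bool(href) and not href.startswith(("./", "#"))


def find_floating_frames(odf_bytes):
    """Return [(part, href, external)] for each floating frame in an ODF file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for part in PARTS:
            if part not in pkg.namelist():
                continue
            if pkg.getinfo(part).file_size > MAX_PART_SIZE:
                raise ValueError(f"{part} is too large to scan safely")
            data = pkg.read(part)
            if b"<!DOCTYPE" in data:    # ODF parts need no DTD; avoid entity tricks
                raise ValueError(f"{part} contains a DOCTYPE")
            for el in ET.fromstring(data).iter(FRAME_TAG):
                href = el.get(HREF_ATTR, "")
                hits.append((part, href, is_external(href)))
    return hits


def build_sample(hrefs):
    """Constructed sample: a minimal ODF-like package, one frame per href."""
    frames = "".join(
        f'<draw:frame><draw:floating-frame xlink:href="{h}"/></draw:frame>'
        for h in hrefs)
    xml = (f'<office:document-content xmlns:office="urn:oasis:names:tc:'
           f'opendocument:xmlns:office:1.0" xmlns:draw="{DRAW_NS}" '
           f'xmlns:xlink="{XLINK_NS}"><office:body>{frames}</office:body>'
           f'</office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", xml)
    return buf.getvalue()
```

Floating frames are a legitimate feature, so a flagged entry is a reason to review the document, not proof of abuse.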

source: budenet.ru
