CVE-2023-1183

Name: CVE-2023-1183
Description: A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-3467-1, DLA-3468-1, DSA-5436-1, DSA-5437-1, ELA-1178-1, ELA-876-1

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| hsqldb (PTS) | jessie | 2.2.9+dfsg-4 | vulnerable |
| hsqldb | stretch | 2.3.4-1 | vulnerable |
| hsqldb | buster (security), buster, buster (lts) | 2.4.1-2+deb10u2 | fixed |
| hsqldb | bullseye (security), bullseye | 2.5.1-1+deb11u2 | fixed |
| hsqldb | bookworm (security), bookworm | 2.7.1-1+deb12u1 | fixed |
| hsqldb | sid, trixie | 2.7.2-1 | fixed |
| hsqldb1.8.0 (PTS) | jessie, jessie (lts) | 1.8.0.10+dfsg-3+deb8u1 | fixed |
| hsqldb1.8.0 | stretch (lts), stretch | 1.8.0.10+dfsg-7+deb9u1 | fixed |
| hsqldb1.8.0 | buster (security), buster, buster (lts) | 1.8.0.10+dfsg-10+deb10u1 | fixed |
| hsqldb1.8.0 | bullseye (security), bullseye | 1.8.0.10+dfsg-10+deb11u1 | fixed |
| hsqldb1.8.0 | bookworm (security), bookworm | 1.8.0.10+dfsg-11+deb12u1 | fixed |
| hsqldb1.8.0 | sid, trixie | 1.8.0.10+dfsg-12 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| hsqldb | source | jessie | (unfixed) | end-of-life | | |
| hsqldb | source | stretch | (unfixed) | end-of-life | | |
| hsqldb | source | buster | 2.4.1-2+deb10u2 | | DLA-3467-1 | |
| hsqldb | source | bullseye | 2.5.1-1+deb11u2 | | DSA-5437-1 | |
| hsqldb | source | bookworm | 2.7.1-1+deb12u1 | | DSA-5437-1 | |
| hsqldb | source | (unstable) | 2.7.2-1 | | | |
| hsqldb1.8.0 | source | jessie | 1.8.0.10+dfsg-3+deb8u1 | | ELA-1178-1 | |
| hsqldb1.8.0 | source | stretch | 1.8.0.10+dfsg-7+deb9u1 | | ELA-876-1 | |
| hsqldb1.8.0 | source | buster | 1.8.0.10+dfsg-10+deb10u1 | | DLA-3468-1 | |
| hsqldb1.8.0 | source | bullseye | 1.8.0.10+dfsg-10+deb11u1 | | DSA-5436-1 | |
| hsqldb1.8.0 | source | bookworm | 1.8.0.10+dfsg-11+deb12u1 | | DSA-5436-1 | |
| hsqldb1.8.0 | source | (unstable) | 1.8.0.10+dfsg-12 | | | |

Notes

https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
https://gerrit.libreoffice.org/c/core/+/146905
https://sourceforge.net/p/hsqldb/svn/6639/
