CVE-2023-0950
Title: Array Index UnderFlow in Calc Formula Parsing
Announced: May 24, 2023
Fixed in: LibreOffice 7.4.6/7.5.2
Description:
The Spreadsheet module of LibreOffice supports various formulas that take multiple parameters. The formulas are interpreted by 'ScInterpreter' which extract the required parameters for a given formula off a stack.
In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that the arbitrary code could be executed.
In versions >= 7.4.6 (and >= 7.5.2) the count of parameters is validated
Credits:
- Secusmart GmbH for discovering and reporting the issue
- Eike Rathke of Red Hat, Inc. for a solution
References:
CVE-2023-0950
Follow Us