The Menace of Code Smuggling in Crafted LibreOffice Documents

LibreOffice vulnerabilities: risk of code smuggling with crafted documents

LibreOffice Addresses High-Risk Security Gaps

The LibreOffice project has recently released updated packages of its popular office suite that address several high-risk security vulnerabilities. In the past, attackers have been able to send manipulated documents that, when opened, could inject and execute malicious code.

High-risk Vulnerability in Formulas

One of the vulnerabilities addressed in the latest update affects Calc, LibreOffice’s spreadsheet application. The formula parser ScInterpreter does not correctly check the number of parameters passed, leading to an array index underflow. If a formula specified fewer parameters than expected, arbitrary code could be executed. The CVE-2023-0950 advisory classifies this risk as ‘high’.
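The bug class described above, as an added example that is not LibreOffice code: a simplified operand-stack model showing how trusting a function's declared arity yields a negative array index, next to a form that validates the supplied count first. The `Interp` type and all function names are hypothetical, and the operand values are constructed.

```c
#include <stdio.h>

#define STACK_MAX 16
#define ERR_PARAM (-1)

/* Toy operand stack, filled by a formula compiler (hypothetical model). */
typedef struct {
    double slots[STACK_MAX];
    int    sp;   /* number of operands currently on the stack */
} Interp;

int push(Interp *it, double v) {
    if (it->sp >= STACK_MAX) return ERR_PARAM;
    it->slots[it->sp++] = v;
    return 0;
}

/* Unchecked pattern: the base index is derived from the arity the function
 * expects, not from what the formula supplied. With too few operands the
 * result is negative, so slots[result] would lie before the array. */
int first_param_index_unchecked(const Interp *it, int expected) {
    return it->sp - expected;
}

/* Hardened pattern: validate the supplied count before any indexing. */
int sum_params_checked(Interp *it, int supplied, int expected, double *out) {
    if (supplied != expected || supplied < 0 || supplied > it->sp)
        return ERR_PARAM;              /* reject the formula, touch no memory */
    int base = it->sp - supplied;      /* now within [0, sp] */
    double acc = 0.0;
    for (int i = base; i < it->sp; i++)
        acc += it->slots[i];
    it->sp = base;                     /* pop the consumed parameters */
    *out = acc;
    return 0;
}

int main(void) {
    Interp it = { {0}, 0 };
    double r = 0.0;
    push(&it, 1.0); push(&it, 2.0);    /* constructed input: two operands */
    printf("unchecked base for arity 3: %d\n", first_param_index_unchecked(&it, 3));
    int rc = sum_params_checked(&it, 2, 3, &r);
    printf("checked, 2 supplied for arity 3: rc=%d\n", rc);
    rc = sum_params_checked(&it, 2, 2, &r);
    printf("checked, 2 supplied for arity 2: rc=%d sum=%g\n", rc, r);
    return 0;
}
```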

Update Improvements

In addition to addressing formula-related vulnerabilities, the latest update also adds a prompt when opening linked Iframe objects. Previously, LibreOffice updated the iframes without querying the user. This behavior left users open to potential vulnerabilities from iframes that contained malicious content.

Stay Up-to-Date

To stay safe, users of LibreOffice should ensure they are running the latest version. The current versions 7.5.3 and 7.4.7 contain the necessary security patches and are available for download. Linux users should also check with their distribution’s software management system to ensure they are running the latest version and have all appropriate security patches installed.

LibreOffice’s Recent Developments

LibreOffice has unveiled many new features with the release of version 7.5, including a new toolbar, updated icons, and translations with DeepL via API. By staying up-to-date with security patches and following LibreOffice’s development, users can rest assured that they are using a secure and up-to-date office suite.
