CVE-2023-0950 - Array Index Underflow Vulnerability in LibreOffice Spreadsheet Component Exploited Through Malformed Formulas

The CVE-2023-0950 vulnerability is related to the improper validation of array index in the spreadsheet component of the popular open-source office suite, LibreOffice, created by The Document Foundation. By exploiting this vulnerability, an attacker can craft a spreadsheet document that will lead to an array index underflow when loaded. Consequently, this could allow the attacker to execute arbitrary code on the user's system.

Details of the Exploit

The vulnerability is associated with malformed spreadsheet formulas, such as AGGREGATE, which could be created with fewer parameters than expected by the formula interpreter. As a result, it causes an array index underflow, potentially leading to the chaotic execution of arbitrary code.

Consider the following code snippet

=AGGREGATE(1, 4, C1:C5)

Data range (C1:C5)

However, exploiting this vulnerability would involve creating a spreadsheet document with an AGGREGATE function containing fewer parameters than the formula interpreter expects - for example:

=AGGREGATE(1, 4)

When such a malformed formula is loaded, LibreOffice incorrectly handles the missing data range parameter, leading to an array index underflow.

Mitigation and Recommendations

To address this issue, The Document Foundation has released updated versions of LibreOffice that fix the vulnerability:

LibreOffice 7.5.1

It is strongly recommended for users to update their LibreOffice installations to the latest version available to safeguard against this vulnerability.

Additionally, users should exercise caution when opening spreadsheet documents from untrusted or unknown sources to minimize the risk of potential attacks leveraging this exploit.

For more information about the CVE-2023-0950 vulnerability and related fixes, refer to the following resources:

1. The Document Foundation's Official Announcement on the Vulnerability
2. CVE-2023-0950 Details in the National Vulnerability Database

By being vigilant and promptly updating the software, users can protect themselves from potential attacks that rely on this exploit.

Timeline

Published on: 05/25/2023 20:15:00 UTC
Last modified on: 06/07/2023 17:42:00 UTC