CVE-2023-36268

Publication date 30 April 2024

Last updated 18 September 2024

An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt file.

Read the notes from the security team

Why is this CVE low priority?

Denial of service via resource exhaustion in a desktop application

Learn more about Ubuntu priority

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libreoffice	24.10 oracular	Vulnerable, fix deferred
	24.04 LTS noble	Vulnerable, fix deferred
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Vulnerable, fix deferred
	20.04 LTS focal	Vulnerable, fix deferred

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

This attack uses a powerpoint slide with 640000 images in it, which causes libreoffice to consume resources. This has a low security impact as it only causes a desktop application to consume resources. as of 2024-09-18, there is no upstream fix for this issue

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2023-36268
https://github.com/kfx-N/test1