CVE-2023-36268

Publication date 30 April 2024

Last updated 21 January 2025

An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt file.

Read the notes from the security team

Why is this CVE low priority?

Denial of service via resource exhaustion in a desktop application

Learn more about Ubuntu priority

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libreoffice	24.10 oracular	Ignored
	24.04 LTS noble	Ignored
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Ignored
	20.04 LTS focal	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

This attack uses a powerpoint slide with 640000 images in it, which causes libreoffice to consume resources. This has a low security impact as it only causes a desktop application to consume resources. We will not be fixing this issue in Ubuntu

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2023-36268
https://github.com/kfx-N/test1