{"id":"UBUNTU-CVE-2023-1183","details":"A flaw was found in the Libreoffice package. An attacker can craft an odb containing a \"database/script\" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.","modified":"2025-10-24T05:01:07Z","published":"2023-07-10T16:15:00Z","upstream":["CVE-2023-1183"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1183"},{"type":"REPORT","url":"https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/"},{"type":"REPORT","url":"https://gerrit.libreoffice.org/c/core/+/146905"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-1183"}],"affected":[{"package":{"name":"hsqldb1.8.0","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/hsqldb1.8.0@1.8.0.10+dfsg-6?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0.10+dfsg-3ubuntu1","1.8.0.10+dfsg-5ubuntu1","1.8.0.10+dfsg-5ubuntu2","1.8.0.10+dfsg-6"],"ecosystem_specific":{"binaries":[{"binary_name":"libhsqldb1.8.0-java","binary_version":"1.8.0.10+dfsg-6"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-1183.json"}},{"package":{"name":"hsqldb1.8.0","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/hsqldb1.8.0@1.8.0.10+dfsg-10~18.04?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0.10+dfsg-7","1.8.0.10+dfsg-8","1.8.0.10+dfsg-10~18.04"],"ecosystem_specific":{"binaries":[{"binary_name":"libhsqldb1.8.0-java","binary_version":"1.8.0.10+dfsg-10~18.04"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-1183.json"}},{"package":{"name":"hsqldb1.8.0","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/hsqldb1.8.0@1.8.0.10+dfsg-10?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0.10+dfsg-10"],"ecosystem_specific":{"binaries":[{"binary_name":"libhsqldb1.8.0-java","binary_version":"1.8.0.10+dfsg-10"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-1183.json"}},{"package":{"name":"hsqldb1.8.0","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/hsqldb1.8.0@1.8.0.10+dfsg-11?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0.10+dfsg-10","1.8.0.10+dfsg-11"],"ecosystem_specific":{"binaries":[{"binary_name":"libhsqldb1.8.0-java","binary_version":"1.8.0.10+dfsg-11"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-1183.json"}},{"package":{"name":"hsqldb1.8.0","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/hsqldb1.8.0@1.8.0.10+dfsg-12?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0.10+dfsg-12"],"ecosystem_specific":{"binaries":[{"binary_name":"libhsqldb1.8.0-java","binary_version":"1.8.0.10+dfsg-12"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-1183.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}