CVE-2014-3693

Опубликовано: 05 нояб. 2014

Источник: redhat

CVSS2: 5.1

Описание

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

A use-after-free flaw was found in the "Remote Control" capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libreoffice	Will not fix
Red Hat Enterprise Linux 7	libabw	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	libcmis	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	libetonyek	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	libfreehand	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	liblangtag	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	libmwaw	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	libodfgen	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	libreoffice	Fixed	RHSA-2015:0377	05.03.2015
Red Hat Enterprise Linux 7	mdds	Fixed	RHSA-2015:0377	05.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1164733libreoffice: Use-After-Free in socket manager of Impress Remote

5.1 Medium

CVSS2

Связанные уязвимости

CVE-2014-3693

ubuntu

около 11 лет назад

CVE-2014-3693

nvd

около 11 лет назад

CVE-2014-3693

debian

около 11 лет назад

Use-after-free vulnerability in the socket manager of Impress Remote i ...

GHSA-2cc9-9pjp-x968

github

больше 3 лет назад

ELSA-2015-0377

oracle-oval

больше 10 лет назад

ELSA-2015-0377: libreoffice security, bug fix, and enhancement update (MODERATE)

5.1 Medium

CVSS2