Описание
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openoffice.org | Will not fix | ||
| Red Hat Enterprise Linux 6 | libreoffice | Fixed | RHSA-2015:2619 | 14.12.2015 |
| Red Hat Enterprise Linux 7 | libreoffice | Fixed | RHSA-2015:2619 | 14.12.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice be ...
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
Уязвимость операционных систем Debian GNU/Linux, Ubuntu, пакетов офисных программ LibreOffice и Apache OpenOffice, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS
5.8 Medium
CVSS2