CVE-2016-4324

Опубликовано: 28 июн. 2016

Источник: redhat

CVSS3: 7.8

CVSS2: 6.8

Описание

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

A use-after-free vulnerability was found in the Rich Text Format (RTF) document format parser in LibreOffice. By tricking a user into opening a specially crafted RTF document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	openoffice.org	Not affected
Red Hat Enterprise Linux 6	libreoffice	Not affected
Red Hat Enterprise Linux 7	libreoffice	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1351197libreoffice: Dereference of invalid STL iterator on processing RTF file

7.8 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2016-4324

CVSS3: 7.8

ubuntu

больше 9 лет назад

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

CVE-2016-4324

CVSS3: 7.8

nvd

больше 9 лет назад

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

CVE-2016-4324

CVSS3: 7.8

debian

больше 9 лет назад

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote ...

openSUSE-SU-2016:2538-1

suse-cvrf

больше 9 лет назад

Security update for libreoffice

SUSE-SU-2016:2472-1

suse-cvrf

больше 9 лет назад

Security update for libreoffice

7.8 High

CVSS3

6.8 Medium

CVSS2