Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-14939

Опубликовано: 05 авг. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

РелизСтатусПримечание
bionic

not-affected

devel

not-affected

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]
precise/esm

DNE

trusty

not-affected

trusty/esm

DNE

trusty was not-affected
upstream

not-affected

debian: Doesn't affect LibreOffice running on glibc
xenial

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%
0.00533
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-14939

CVSS3: 3.3
redhat
больше 7 лет назад

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

nvd логотип

CVE-2018-14939

CVSS3: 9.8
nvd
больше 7 лет назад

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

debian логотип

CVE-2018-14939

CVSS3: 9.8
debian
больше 7 лет назад

The get_app_path function in desktop/unx/source/start.c in LibreOffice ...

github логотип

GHSA-83w8-rxv4-7jg8

CVSS3: 9.8
github
больше 3 лет назад

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

EPSS

Процентиль: 67%
0.00533
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3