CVE-2014-9093
LibreOffice < 4.3.5 - Denial of Service and Possible Remote Code Execution via Crafted RTF File
Title source: llmDescription
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
References (7)
Core 7
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/11/19/3
Issue Tracking x_refsource_confirm
https://bugs.freedesktop.org/show_bug.cgi?id=86449
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144836.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3163
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/11/26/7
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2578-1
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201603-05
Scores
EPSS
0.0414
EPSS Percentile
89.6%
Details
CWE
CWE-20
Status
published
Products (6)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
debian/debian_linux
7.0
fedoraproject/fedora
20
libreoffice/libreoffice
< 4.3.4
Published
Nov 26, 2014
Tracked Since
Feb 18, 2026