CVE-2014-9093

LibreOffice < 4.3.5 - Denial of Service and Possible Remote Code Execution via Crafted RTF File

Title source: llm
STIX 2.1

Description

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

References (7)

Core 7
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/11/19/3
Issue Tracking x_refsource_confirm
https://bugs.freedesktop.org/show_bug.cgi?id=86449
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144836.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3163
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/11/26/7
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2578-1
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201603-05

Scores

EPSS 0.0414
EPSS Percentile 89.6%

Details

CWE
CWE-20
Status published
Products (6)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
debian/debian_linux 7.0
fedoraproject/fedora 20
libreoffice/libreoffice < 4.3.4
Published Nov 26, 2014
Tracked Since Feb 18, 2026