CVE-2018-14939

2018-08-0518:29:00

Google

osv.dev

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

CPENameOperatorVersion
coreeqlibreoffice-5-2-branch-point
coreeqlibreoffice-5-1-branch-point
coreeqlibreoffice-3.5.0.0
coreeqlibreoffice-4-3-branch-point
coreeqcp-6.0-3
coreeqlibreoffice-6-0-branch-point
coreeqcp-6.0-2
coreeqcp-6.0-5
coreeqgpg4libre-review-5.4.99
coreeqcp-6.0-1

Name	Operator	Version
core	eq	libreoffice-5-2-branch-point
core	eq	libreoffice-5-1-branch-point
core	eq	libreoffice-3.5.0.0
core	eq	libreoffice-4-3-branch-point
core	eq	cp-6.0-3
core	eq	libreoffice-6-0-branch-point
core	eq	cp-6.0-2
core	eq	cp-6.0-5
core	eq	gpg4libre-review-5.4.99
core	eq	cp-6.0-1