libreoffice is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
CPE | Name | Operator | Version |
---|---|---|---|
libreoffice | eq | 3.4.5.2__16.el6 | |
libreoffice | eq | 3.4.5.2__16.1.el6_3 | |
libreoffice | eq | 4.0.4.2__9.el6 | |
libreoffice | eq | 4.0.4.2__14.el6 |
lists.fedoraproject.org/pipermail/package-announce/2015-April/156582.html
lists.fedoraproject.org/pipermail/package-announce/2015-May/157550.html
lists.opensuse.org/opensuse-updates/2015-05/msg00015.html
rhn.redhat.com/errata/RHSA-2015-1458.html
www.debian.org/security/2015/dsa-3236
www.openoffice.org/security/cves/CVE-2015-1774.html
www.securityfocus.com/bid/74338
www.securitytracker.com/id/1032205
www.securitytracker.com/id/1032206
www.ubuntu.com/usn/USN-2578-1
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1015083
bugzilla.redhat.com/show_bug.cgi?id=1150048
bugzilla.redhat.com/show_bug.cgi?id=1209852
rhn.redhat.com/errata/RHSA-2015-1458.html
security.gentoo.org/glsa/201603-05
wiki.documentfoundation.org/ReleaseNotes/4.2
www.libreoffice.org/about-us/security/advisories/cve-2015-1774/
www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1094