CVE-2015-4551 – libreoffice: Arbitrary file disclosure in Calc and Writer
https://notcve.org/view.php?id=CVE-2015-4551
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2 usa la información de configuración LinkUpdateMode almacenada en archivos OpenDocument Format y plantillas cuando maneja enlaces, lo que podría permitir a atacantes remotos obtener información sensible a través de un documento manipulado, lo que incrusta datos desde archivos locales a (1) Calc o (2) Writer. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551 http://www.openoffice.org/security/cves/CVE-2015-4551.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-787: Out-of-bounds Write •
CVE-2015-5213 – libreoffice: Integer overflow in DOC files
https://notcve.org/view.php?id=CVE-2015-5213
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. Desbordamiento de entero en LibreOffice en versiones anteriores a 4.4.5 y Apache OpenOffice en versiones anteriores a 4.1.2 permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un archivo DOC extenso, lo que desencadena un desbordamiento de buffer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. • http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.debian.org/security/2015/dsa-3394 http://www.libreoffice.org/about-us/security/advisories/cve-2015-5213 http://www.openoffice.org/security/cves/CVE-2015-5213.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77486 http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 https://s • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2015-1774 – libreoffice: HWP file filter vulnerability
https://notcve.org/view.php?id=CVE-2015-1774
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. El filtro HWP en LibreOffice anterior a 4.3.7 y 4.4.x anterior a 4.4.2 y Apache OpenOffice anterior a 4.1.2 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento HWP manipulado, lo cual provoca una escritura fuera de rango. A flaw was found in the way the LibreOffice HWP (Hangul Word Processor) file filter processed certain HWP documents. An attacker able to trick a user into opening a specially crafted HWP document could possibly use this flaw to execute arbitrary code with the privileges of the user opening that document. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156582.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157550.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-1458.html http://www.debian.org/security/2015/dsa-3236 http://www.openoffice.org/security/cves/CVE-2015-1774.html http://www.securityfocus.com/bid/74338 http://www.securitytracker.com/id/1032205 http://www.securitytracker.com • CWE-787: Out-of-bounds Write CWE-822: Untrusted Pointer Dereference •
CVE-2014-9093
https://notcve.org/view.php?id=CVE-2014-9093
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. LibreOffice anterior a 4.3.5 permite a atacantes remotos causar una denegación de servicio (operación de escritura inválida y caída) y posiblemente ejecutar código arbitrario a través de un fichero RTF manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144836.html http://www.debian.org/security/2015/dsa-3163 http://www.openwall.com/lists/oss-security/2014/11/19/3 http://www.openwall.com/lists/oss-security/2014/11/26/7 http://www.ubuntu.com/usn/USN-2578-1 https://bugs.freedesktop.org/show_bug.cgi?id=86449 https://security.gentoo.org/glsa/201603-05 • CWE-20: Improper Input Validation •
CVE-2014-3693 – libreoffice: Use-After-Free in socket manager of Impress Remote
https://notcve.org/view.php?id=CVE-2014-3693
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599. Vulnerabilidad de uso después de liberación en el gestor del socket de Impress Remote en LibreOffice 4.x anterior a 4.2.7 y 4.3.x anterior a 4.3.3 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud manipulada al puerto TCP 1599. A use-after-free flaw was found in the "Remote Control" capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html http://rhn.redhat.com/errata/RHSA-2015-0377.html http://secunia.com/advisories/62111 http://secunia.com/advisories/62132 http://secunia.com/advisories/62396 http://www.securityfocus.com/bid/71351 http://www.ubuntu.com/usn/USN-2398-1 https://security.gentoo.org/glsa/201603-05 https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693 https://access.redhat.com/security/cve/CVE-2014-3693 https:& • CWE-416: Use After Free •