6.8
CVE-2015-1774
- EPSS 7.65%
- Veröffentlicht 28.04.2015 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.10
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Apache ≫ Openoffice Version <= 4.1.1
Fedoraproject ≫ Fedora Version21
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Libreoffice ≫ Libreoffice Version <= 4.3.6
Libreoffice ≫ Libreoffice Version4.4.0
Libreoffice ≫ Libreoffice Version4.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.65% | 0.938 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://security.gentoo.org/glsa/201603-05
http://www.ubuntu.com/usn/USN-2578-1
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156582.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157550.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00015.html
http://rhn.redhat.com/errata/RHSA-2015-1458.html
http://www.debian.org/security/2015/dsa-3236
http://www.openoffice.org/security/cves/CVE-2015-1774.html
http://www.securityfocus.com/bid/74338
http://www.securitytracker.com/id/1032205
http://www.securitytracker.com/id/1032206
https://www.libreoffice.org/about-us/security/advisories/cve-2015-1774/
https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1094