CVE-2014-3575

CWE-200 — Information Exposure8 documents7 sources

Severity

4.3MEDIUM

EPSS

9.9%

top 7.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Libreoffice Libreoffice Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedAug 27

Latest updateMay 13

Description

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages6 packages

▶NVDapache/openoffice< 4.1.1

▶NVDlibreoffice/libreoffice4.3.0 — 4.3.1+1

▶Ubuntulibreoffice< 1:4.2.6.3-0ubuntu1

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

🔴Vulnerability Details

GHSA

GHSA-42x7-f4ww-xqq9: The OLE preview generation in Apache OpenOffice before 4↗2022-05-13

▶

CVEList

CVE-2014-3575: The OLE preview generation in Apache OpenOffice before 4↗2014-08-27

▶

OSV

CVE-2014-3575: The OLE preview generation in Apache OpenOffice before 4↗2014-08-26

▶

📋Vendor Advisories

Ubuntu

LibreOffice vulnerability↗2014-11-10

▶

Red Hat

openoffice: Arbitrary file disclosure via crafted OLE objects↗2014-08-21

▶

💬Community

Bugzilla

CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure via crafted OLE objects [fedora-all]↗2014-09-09

▶

Bugzilla

CVE-2014-3575 openoffice: Arbitrary file disclosure via crafted OLE objects↗2014-09-05

▶