CVE-2014-3693 — Use After Free in Libreoffice

CWE-416 — Use After Free8 documents7 sources

Severity

7.5HIGHNVD

EPSS

4.3%

top 11.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libreoffice Debian Libreoffice Canonical Ubuntu Linux +4 more

Timeline

PublishedNov 7

Latest updateMay 14

Description

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶debiandebian/libreoffice< libreoffice 1:4.3.3~rc2~git20141011-1 (bookworm)

▶Debianlibreoffice/libreoffice< 1:4.3.3~rc2~git20141011-1+3

▶NVDlibreoffice/libreoffice21 versions+20

▶NVDopensuse/opensuse13.1

▶NVDredhat/enterprise_linux_server7.0

Also affects: Ubuntu Linux 14.04, 14.10

Patches

Patch: www.ubuntu.com ↗Patch: www.ubuntu.com ↗

🔴Vulnerability Details

GHSA

GHSA-2cc9-9pjp-x968: Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4↗2022-05-14

▶

OSV

CVE-2014-3693: Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4↗2014-11-07

▶

📋Vendor Advisories

Red Hat

libreoffice: Use-After-Free in socket manager of Impress Remote↗2014-11-05

▶

Ubuntu

LibreOffice vulnerability↗2014-11-05

▶

Debian

CVE-2014-3693: libreoffice - Use-after-free vulnerability in the socket manager of Impress Remote in LibreOff...↗2014

▶

💬Community

Bugzilla

CVE-2014-3693 libreoffice: Use-After-Free in socket manager of Impress Remote [fedora-all]↗2014-11-24

▶

Bugzilla

CVE-2014-3693 libreoffice: Use-After-Free in socket manager of Impress Remote↗2014-11-17

▶