CVE-2014-9093Improper Input Validation in Libreoffice

CWE-20Improper Input Validation8 documents7 sources
Severity
7.5HIGHNVD
EPSS
3.3%
top 12.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LibreofficeDebian LibreofficeCanonical Ubuntu Linux+2 more
Timeline
PublishedNov 26
Latest updateMay 17

Description

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

debiandebian/libreoffice< libreoffice 1:4.3.3-2 (bookworm)
Debianlibreoffice/libreoffice< 1:4.3.3-2+3
Ubuntulibreoffice/libreoffice< 1:4.2.8-0ubuntu2

Also affects: Debian Linux 7.0, Fedora 20, Ubuntu Linux 12.04, 14.04, 14.10

🔴Vulnerability Details

3
GHSA
GHSA-75f2-6p94-94mp: LibreOffice before 42022-05-17
OSV
libreoffice vulnerabilities2015-04-27
OSV
CVE-2014-9093: LibreOffice before 42014-11-26

📋Vendor Advisories

3
Ubuntu
LibreOffice vulnerabilities2015-04-27
Red Hat
libreoffice: crash importing malformed .rtf2014-11-19
Debian
CVE-2014-9093: libreoffice - LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (i...2014

💬Community

1
Bugzilla
CVE-2014-9093 libreoffice: crash importing malformed .rtf2014-11-19