CVE-2015-1774

CWE-787Out-of-bounds WriteCWE-129Improper Array Index ValidationCWE-20Improper Input ValidationCWE-252Unchecked Return ValueCWE-82211 documents8 sources
Severity
6.8MEDIUM
EPSS
9.7%
top 7.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Apache OpenofficeLibreoffice LibreofficeCanonical Ubuntu Linux+5 more
Timeline
PublishedApr 28
Latest updateMay 13

Description

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

Debianlibreoffice< 1:4.4.2-1+3

Also affects: Debian Linux 7.0, 8.0, Fedora 21, Ubuntu Linux 12.04, 14.04, 14.10

🔴Vulnerability Details

4
GHSA
GHSA-6c6p-xqgg-wgfg: The HWP filter in LibreOffice before 42022-05-13
OSV
CVE-2015-1774: The HWP filter in LibreOffice before 42015-04-28
CVEList
CVE-2015-1774: The HWP filter in LibreOffice before 42015-04-28
OSV
libreoffice vulnerabilities2015-04-27

📋Vendor Advisories

3
Ubuntu
LibreOffice vulnerabilities2015-04-27
Red Hat
libreoffice: HWP file filter vulnerability2015-04-27
Debian
CVE-2015-1774: libreoffice - The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache Ope...2015

💬Community

3
Bugzilla
CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function2017-06-19
Bugzilla
CVE-2015-1774 libreoffice: HWP file filter vulnerability2015-04-28
Bugzilla
CVE-2015-1774 libreoffice: out-of-bounds write in HWP file filter [fedora-all]2015-04-28
CVE-2015-1774 (MEDIUM CVSS 6.8) | The HWP filter in LibreOffice befor | cvebase.io