CVE-2015-4551

CWE-200 — Information Exposure CWE-787 — Out-of-bounds Write10 documents8 sources

Severity

4.3MEDIUM

EPSS

9.6%

top 7.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Libreoffice Libreoffice Canonical Ubuntu Linux +1 more

Timeline

PublishedNov 10

Latest updateMay 13

Description

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDapache/openoffice4.1.1

▶Debianlibreoffice< 1:5.0.1~rc1-1+3

▶Ubuntulibreoffice< 1:4.2.8-0ubuntu3

▶NVDlibreoffice/libreoffice4.4.4

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-fjgf-2jpq-hrjf: LibreOffice before 4↗2022-05-13

▶

OSV

CVE-2015-4551: LibreOffice before 4↗2015-11-10

▶

CVEList

CVE-2015-4551: LibreOffice before 4↗2015-11-10

▶

OSV

libreoffice vulnerabilities↗2015-11-05

▶

📋Vendor Advisories

Ubuntu

LibreOffice vulnerabilities↗2015-11-05

▶

Red Hat

libreoffice: Arbitrary file disclosure in Calc and Writer↗2015-11-04

▶

Debian

CVE-2015-4551: libreoffice - LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored Link...↗2015

▶

💬Community

Bugzilla

CVE-2015-4551 libreoffice: Arbitrary file disclosure in Calc and Writer↗2015-11-06

▶

Bugzilla

CVE-2015-4551 libreoffice: Arbitrary file disclosure in Calc and Writer [fedora-all]↗2015-11-06

▶