CVE-2015-1774

Description

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 7.40%• Percentile: 92%

Techniques & Countermeasures

• CWE-787•Out-of-bounds Write

  The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

• apache•openoffice

  ≤ 4.1.1

• canonical•ubuntu_linux

  12.04 | 14.04 | 14.10

• debian•debian_linux

  7.0 | 8.0

• fedoraproject•fedora

  21

• libreoffice•libreoffice

  ≤ 4.3.6 | 4.4.0 | 4.4.1

• redhat•enterprise_linux_desktop

  6.0

• redhat•enterprise_linux_server

  6.0

• redhat•enterprise_linux_workstation

  6.0

References (13)

• http://www.securitytracker.com/id/1032205
• http://www.debian.org/security/2015/dsa-3236
• http://www.openoffice.org/security/cves/CVE-2015-1774.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156582.html
• http://www.securitytracker.com/id/1032206
• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157550.html
• http://www.securityfocus.com/bid/74338
• https://www.libreoffice.org/about-us/security/advisories/cve-2015-1774/
• http://rhn.redhat.com/errata/RHSA-2015-1458.html
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00015.html
• https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1094
• http://www.ubuntu.com/usn/USN-2578-1
• https://security.gentoo.org/glsa/201603-05