MGASA-2014-0446

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2014-3575

Published: 14 Nov 2014, 01:24

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Nov 2014, 01:24

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated libreoffice packages fix security vulnerability A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the prompt to "Update Links" but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties (CVE-2014-3575). LibreOffice has been patched to fix this issue.

Affected Systems

mageia•libreoffice
< 4.0.6.2-3.mga3

References (4)

https://advisories.mageia.org/MGASA-2014-0446.html
https://bugs.mageia.org/show_bug.cgi?id=13580
http://www.libreoffice.org/about-us/security/advisories/cve-2014-3575/
https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html