Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2015-1774

Published: 28/04/2015 Updated: 07/02/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The HWP filter in LibreOffice prior to 4.3.7 and 4.4.x prior to 4.4.2 and Apache OpenOffice prior to 4.1.2 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 14.10

debian debian linux 8.0

debian debian linux 7.0

apache openoffice

fedoraproject fedora 21

redhat enterprise linux workstation 6.0

redhat enterprise linux server 6.0

redhat enterprise linux desktop 6.0

libreoffice libreoffice

libreoffice libreoffice 4.4.0

libreoffice libreoffice 4.4.1

Vendor Advisories

Ubuntu Security Notice: libreoffice vulnerabilities
LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file ...
Red Hat: CVE-2015-1774
A flaw was found in the way the LibreOffice HWP (Hangul Word Processor) file filter processed certain HWP documents An attacker able to trick a user into opening a specially crafted HWP document could possibly use this flaw to execute arbitrary code with the privileges of the user opening that document ...

References

CWE-787http://www.openoffice.org/security/cves/CVE-2015-1774.htmlhttp://www.debian.org/security/2015/dsa-3236https://www.libreoffice.org/about-us/security/advisories/cve-2015-1774/http://www.ubuntu.com/usn/USN-2578-1http://www.securitytracker.com/id/1032206http://www.securitytracker.com/id/1032205http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156582.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1458.htmlhttp://www.securityfocus.com/bid/74338https://security.gentoo.org/glsa/201603-05https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1094http://lists.opensuse.org/opensuse-updates/2015-05/msg00015.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157550.htmlhttps://usn.ubuntu.com/2578-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-1774
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationCVE-2024-20696CVE-2024-29829CVE-2024-33999CVE-2024-35646physicalCVE-2024-24919CVE-2024-31030local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook