Improper input validation in Libreoffice

CVE-2014-9093

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.033 (87.4th percentile) — read the EPSS interpretation.

Affected products

Libreoffice
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 7.0
Fedoraproject Fedora — versions 20
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[oss-security] 20141119 CVE Request: LibreOffice -- several issues (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Issue Tracking)
FEDORA-2014-15486 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
DSA-3163 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
[oss-security] 20141126 Re: CVE Request: LibreOffice -- several issues (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
USN-2578-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
GLSA-201603-05 (vendor-advisory, x_refsource_GENTOO)