Information disclosure in Apache Openoffice
CVE-2015-4551
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive inf…
Vulnerability class: Information Disclosure
EPSS: 0.078 (92.1th percentile) — read the EPSS interpretation.
Affected products
- Apache Openoffice
- Libreoffice
- Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
- Debian Debian_linux — versions 7.0, 8.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 1034085 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- GLSA-201611-03 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- 1034091 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
- RHSA-2015:2619 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- USN-2793-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- 77486 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- GLSA-201603-05 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)