CVE-2014-9093

Published: Nov 26, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

Affected (6)

Products: Libreoffice: Libreoffice · Fedoraproject: Fedora · Canonical: Ubuntu Linux · +1 more

Show all products

Libreoffice: Libreoffice · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	Up to 4.3.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 20

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144836.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2015/dsa-3163

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/11/19/3

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2014/11/26/7

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.ubuntu.com/usn/USN-2578-1

Source: cve@mitre.org

Third Party Advisory

https://bugs.freedesktop.org/show_bug.cgi?id=86449

Source: cve@mitre.org

Issue Tracking

https://security.gentoo.org/glsa/201603-05

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144836.html