CVE-2015-4551

Published: Nov 10, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

Affected (7)

Products: Libreoffice: Libreoffice · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Libreoffice: Libreoffice · Canonical: Ubuntu Linux · Debian: Debian Linux · Apache: Openoffice

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	Up to 4.4.4

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.04
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apache Openoffice	Up to 4.1.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://rhn.redhat.com/errata/RHSA-2015-2619.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2015/dsa-3394

Source: cve@mitre.org

Third Party Advisory

http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/

Source: cve@mitre.org

Vendor Advisory

http://www.openoffice.org/security/cves/CVE-2015-4551.html

Source: cve@mitre.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/77486

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034085

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034091

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2793-1

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201603-05

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201611-03

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2619.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2015/dsa-3394

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openoffice.org/security/cves/CVE-2015-4551.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/77486

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034085

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034091

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2793-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201603-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201611-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.