CVE-2016-4324

Published: Jul 8, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

Affected (5)

Products: Debian: Debian Linux · Libreoffice: Libreoffice · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	Up to 5.1.3

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://www.debian.org/security/2016/dsa-3608

Source: cret@cert.org

http://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/

Source: cret@cert.org

Vendor Advisory

http://www.securityfocus.com/bid/91499

Source: cret@cert.org

http://www.securitytracker.com/id/1036209

Source: cret@cert.org

http://www.talosintelligence.com/reports/TALOS-2016-0126/

Source: cret@cert.org

http://www.ubuntu.com/usn/USN-3022-1

Source: cret@cert.org

https://security.gentoo.org/glsa/201611-03

Source: cret@cert.org

http://www.debian.org/security/2016/dsa-3608