Integer Overflow Vulnerability in LibreOffice and Apache OpenOffice
CVE-2015-5213

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Debian Linux
Vendor: CVE Published:; 10 November 2015

Summary

An integer overflow vulnerability exists in LibreOffice prior to version 4.4.5 and Apache OpenOffice prior to version 4.1.2. This flaw allows remote attackers to launch a denial of service attack through specially crafted DOC files. Exploiting this vulnerability could result in memory corruption and subsequent application crashes, and under certain conditions, it may also enable attackers to execute arbitrary code on the affected systems by triggering a buffer overflow.

References

http://www.securitytracker.com/id/1034085

vdb-entryx_refsource_SECTRACK

https://security.gentoo.org/glsa/201611-03

vendor-advisoryx_refsource_GENTOO

http://www.securitytracker.com/id/1034091

vdb-entryx_refsource_SECTRACK

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 10, 2015
Vulnerability Reserved
Jul 1, 2015