Integer Overflow Vulnerability in LibreOffice and Apache OpenOffice
CVE-2015-5213

Currently unrated

Key Information:

Vendor

Canonical

Status
Ubuntu Linux
Debian Linux
Vendor
CVE Published:
10 November 2015

What is CVE-2015-5213?

An integer overflow vulnerability exists in LibreOffice prior to version 4.4.5 and Apache OpenOffice prior to version 4.1.2. This flaw allows remote attackers to launch a denial of service attack through specially crafted DOC files. Exploiting this vulnerability could result in memory corruption and subsequent application crashes, and under certain conditions, it may also enable attackers to execute arbitrary code on the affected systems by triggering a buffer overflow.

References

http://www.securitytracker.com/id/1034085
vdb-entryx_refsource_SECTRACK
https://security.gentoo.org/glsa/201611-03
vendor-advisoryx_refsource_GENTOO
http://www.securitytracker.com/id/1034091
vdb-entryx_refsource_SECTRACK

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-5213 : Integer Overflow Vulnerability in LibreOffice and Apache OpenOffice