7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.144 Low
EPSS
Percentile
95.2%
A use after free vulnerability was found in the RTF parser of
LibreOffice. The vulnerability lies in the parsing of documents
containing both stylesheet and superscript tokens. A specially crafted
RTF document containing both a stylesheet and superscript element
causes LibreOffice to access an invalid pointer referencing previously
used memory on the heap. By carefully manipulating the contents of the
heap, this vulnerability can be used to execute arbitrary code.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | libreoffice-fresh | < 5.1.4-1 | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.144 Low
EPSS
Percentile
95.2%