CVE-2015-1774

2015-04-2814:59:00

CWE-787

[email protected]

web.nvd.nist.gov

147

cve-2015-1774

hwp filter

libreoffice

apache openoffice

denial of service

arbitrary code

out-of-bounds write

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.7%

JSON

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
apache:openofficeapache openofficele4.1.1
fedoraproject:fedorafedoraproject fedoraeq21
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0
redhat:enterprise_linux_serverredhat enterprise linux servereq6.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq6.0

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
apache:openoffice	apache openoffice	le	4.1.1
fedoraproject:fedora	fedoraproject fedora	eq	21
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	6.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	6.0