LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
lists.fedoraproject.org/pipermail/package-announce/2014-November/144836.html
www.debian.org/security/2015/dsa-3163
www.openwall.com/lists/oss-security/2014/11/19/3
www.openwall.com/lists/oss-security/2014/11/26/7
www.ubuntu.com/usn/USN-2578-1
bugs.freedesktop.org/show_bug.cgi?id=86449
security.gentoo.org/glsa/201603-05