Lucene search
UbuntuUSN-2331-1HistorySep 02, 2014 - 12:00 a.m.
LibreOffice vulnerability
2014-09-0200:00:00
ubuntu.com
34
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.6%
Releases
- Ubuntu 14.04 ESM
Packages
- libreoffice - Office productivity suite
Details
Rohan Durve and James Kettle discovered LibreOffice Calc sometimes allowed
for command injection when opening spreadsheets. If a user were tricked
into opening a crafted Calc spreadsheet, an attacker could exploit this to
run programs as your login.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | libreoffice-core | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | browser-plugin-libreoffice | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice-avmedia-backend-gstreamer | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice-base | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice-base-core | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice-base-drivers | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice-calc | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice-dbg | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libreoffice-dev | < 1:4.2.6.3-0ubuntu1 | UNKNOWN |
References
Related
ibm
ibm
Security Bulletin: CVE-2014-3524 CSV Injection in reports
2020-07-24 21:16:35
hackerone
hackerone
Consensys: CSV Injection at https://assets-paris-demo.codefi.network/
2022-10-25 08:59:53
nvd
nvd
CVE-2014-3524
2014-08-26 14:55:05
nessus
nessus
Ubuntu 14.04 LTS : LibreOffice vulnerability (USN-2331-1)
2014-09-03 00:00:00
LibreOffice 4.3.x < 4.3.1 Multiple Vulnerabilities
2014-12-17 00:00:00
Apache OpenOffice < 4.1.1 Multiple Vulnerabilities
2014-08-27 00:00:00
ubuntucve
ubuntucve
CVE-2014-3524
2014-08-26 00:00:00
securityvulns
securityvulns
CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability
2014-08-24 00:00:00
Apache OpenOffice security vulnerabilities
2014-08-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2331-1)
2014-09-03 00:00:00
Apache OpenOffice Multiple Vulnerabilities (Apr 2015) - Windows
2015-04-09 00:00:00
Apache OpenOffice Multiple Vulnerabilities -01 (May 2015) - Mac OS X
2015-06-01 00:00:00
cvelist
cvelist
CVE-2014-3524
2014-08-26 14:00:00
cve
cve
CVE-2014-3524
2014-08-26 14:55:05
prion
prion
Design/Logic Flaw
2014-08-26 14:55:00
gentoo
gentoo
LibreOffice, OpenOffice: Multiple vulnerabilities
2016-03-09 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.6%
Related for USN-2331-1