CVE-2015-4551
MEDIUM severity · CVSS 4.3 · Information disclosure
4.3CVSS MEDIUM
Summary
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)14%
AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected products we track (2)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/Advisory
- http://www.openoffice.org/security/cves/CVE-2015-4551.htmlAdvisory
- http://rhn.redhat.com/errata/RHSA-2015-2619.htmlAdvisory
- http://www.debian.org/security/2015/dsa-3394Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlAdvisory
- http://www.securityfocus.com/bid/77486Advisory
- http://www.securitytracker.com/id/1034085Advisory
- http://www.securitytracker.com/id/1034091Advisory