Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2014-9093

Published: 26 November 2014

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

Notes

AuthorNote
mdeslaur
code is different in 4.2 and earlier. Upstream has no patch for
earlier releases.
debian released 1:3.5.4+dfsg2-0+deb7u3 with backported patch.

Priority

Low

Status

Package Release Status
openoffice.org
Launchpad, Ubuntu, Debian
lucid Ignored
(end of life)
upstream Needs triage

precise Not vulnerable
(transitional packages)
trusty Does not exist

utopic Does not exist

vivid Does not exist

libreoffice
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (1:3.5.7-0ubuntu8)
trusty
Released (1:4.2.8-0ubuntu2)
upstream Not vulnerable

utopic
Released (1:4.3.7~rc2-0ubuntu1)
vivid Not vulnerable
(1:4.4.1-0ubuntu1)
Patches:
upstream: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401