Vulnerability Name: CVE-2015-1774 (CCN-102655)

Assigned: 2015-04-27
Published: 2015-04-27
Updated: 2022-02-07
Summary: The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-787
CWE-822
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2015-1774

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-7022

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-7213

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2015:0859

Source: REDHAT
Type: Third Party Advisory
RHSA-2015:1458

Source: DEBIAN
Type: Third Party Advisory
DSA-3236

Source: CCN
Type: LibreOffice Web site
CVE-2015-1774 Out of bounds write in HWP file filter

Source: CCN
Type: Apache Web site
OpenOffice HWP Filter Remote Code Execution and Denial of Service Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2015-1774.html

Source: BID
Type: Third Party Advisory, VDB Entry
74338

Source: CCN
Type: BID-74338
Apache OpenOffice HWP Filter Memory Corruption Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1032205

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1032206

Source: UBUNTU
Type: Third Party Advisory
USN-2578-1

Source: XF
Type: UNKNOWN
apache-openoffice-cve20151774-bo(102655)

Source: GENTOO
Type: Third Party Advisory
GLSA-201603-05

Source: CONFIRM
Type: Vendor Advisory
https://www.libreoffice.org/about-us/security/advisories/cve-2015-1774/

Source: IDEFENSE
Type: Third Party Advisory
20150427 Multiple Vendor LibreOffice "HWPFILTER" Out Of Bounds Access Vulnerability

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-1774

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:apache:openoffice:*:*:*:*:*:*:*:* (Version <= 4.1.1)

Configuration 4:
  • cpe:/o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Configuration 5:
  • cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Configuration 6:
  • cpe:/a:libreoffice:libreoffice:*:*:*:*:*:*:*:* (Version <= 4.3.6)
  • OR cpe:/a:libreoffice:libreoffice:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:libreoffice:libreoffice:4.4.1:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:libreoffice:libreoffice:4.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:libreoffice:libreoffice:4.4.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20151774 | V | CVE-2015-1774 | 2022-05-20
    oval:org.opensuse.security:def:11147 | P | Security update for transfig (Important) | 2021-11-18
    oval:org.opensuse.security:def:46056 | P | Security update for opensc (Important) | 2021-10-29
    oval:org.opensuse.security:def:47278 | P | gstreamer-plugins-base-1.8.3-12.11 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:46966 | P | hardlink-1.0-6.38 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47112 | P | openvpn-2.3.8-16.6.4 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47916 | P | w3m-0.5.3.git20161120-160.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47050 | P | libmspack0-0.4-14.4 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47176 | P | wget-1.14-10.3 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47970 | P | chrony-2.3-5.6.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47207 | P | apache2-mod_perl-2.0.8-11.43 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:11236 | P | Security update for roundcubemail (Important) | 2021-07-06
    oval:org.opensuse.security:def:11606 | P | libgnomesu-1.0.0-352.84 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:12288 | P | libwmf-0_2-7-0.2.8.4-242.3 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11307 | P | gdk-pixbuf-loader-rsvg-2.40.2-1.13 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:46752 | P | libneon27-0.30.0-3.65 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11315 | P | gnutls-3.2.15-1.8 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11445 | P | python-2.7.7-2.12 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11615 | P | libjson-c2-0.11-2.22 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:16502 | P | libcurl-devel-7.60.0-2.11 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:46382 | P | apache2-mod_nss-1.0.8-9.32 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11337 | P | libXext6-1.3.2-3.61 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11464 | P | syslog-service-2.0-778.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:16510 | P | libgcrypt-devel-1.6.1-16.61.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11874 | P | libcgroup1-0.41.rc1-4.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11628 | P | libopenssl0_9_8-0.9.8j-81.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:46514 | P | librpcsecgss3-0.19-16.54 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11383 | P | libopenssl0_9_8-0.9.8j-59.11 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11539 | P | gdk-pixbuf-lang-2.30.6-1.23 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:16544 | P | libneon-devel-0.30.0-3.64 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11896 | P | libjasper1-1.900.1-170.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:12266 | P | libsoup-2_4-1-2.54.1-4.5 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:46605 | P | DirectFB-1.7.1-4.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11430 | P | pam-modules-12.1-23.12 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11564 | P | java-1_8_0-openjdk-1.8.0.65-1.13 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:16629 | P | openslp-devel-2.0.0-18.17.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:11223 | P | Security update for singularity (Moderate) | 2021-05-30
    oval:org.opensuse.security:def:11214 | P | Security update for prosody (Important) | 2021-05-18
    oval:org.opensuse.security:def:11172 | P | Security update for segv_handler (Moderate) | 2021-02-02
    oval:org.opensuse.security:def:41109 | P | Security update for ImageMagick (Moderate) | 2021-01-15
    oval:org.opensuse.security:def:19624 | P | Security update for hawk2 (Important) | 2021-01-12
    oval:org.opensuse.security:def:19598 | P | Security update for the Linux Kernel (Important) | 2020-12-09
    oval:org.opensuse.security:def:40692 | P | Security update for openssl1 (Important) | 2020-12-09
    oval:org.opensuse.security:def:16686 | P | ant-1.9.4-3.3.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:16895 | P | libsvn_auth_gnome_keyring-1-0-1.10.6-1.12 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:16952 | P | ppp-devel-2.4.7-3.4 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:16717 | P | eog-devel-3.20.4-7.7 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:16964 | P | ruby-devel-2.1-1.4 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:16753 | P | gwenhywfar-devel-4.9.0beta-3.3.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:16986 | P | xfsprogs-devel-4.15.0-1.12 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:16863 | P | libpcap-devel-1.8.1-10.3.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:24372 | P | Security update for soundtouch (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:24698 | P | Security update for bind (Important) | 2020-12-01
    oval:org.opensuse.security:def:52749 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important) | 2020-12-01
    oval:org.opensuse.security:def:53322 | P | Security update for grub2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:53987 | P | java-1_7_0-openjdk on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:17624 | P | Security update for tidy (Low) | 2020-12-01
    oval:org.opensuse.security:def:40412 | P | Security update for openssh (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:40868 | P | Security update for libssh2_org (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:18960 | P | Security update for ImageMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:46190 | P | Security update for openssl (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25085 | P | Security update for permissions (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:10945 | P | id3lib on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:11072 | P | libsvn_auth_kwallet-1-0 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:54153 | P | aaa_base on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55622 | P | Recommended update for LibreOffice (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:40984 | P | Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) | 2020-12-01
    oval:org.opensuse.security:def:41747 | P | Security update for binutils (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:52748 | P | Security update for the Linux Kernel (Live Patch 4 for SLE 15) (Important) | 2020-12-01
    oval:org.opensuse.security:def:18591 | P | Security update for ghostscript (Important) | 2020-12-01
    oval:org.opensuse.security:def:18833 | P | Security update for podofo (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:24435 | P | Security update for bluez (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:24781 | P | Security update for sane-backends (Important) | 2020-12-01
    oval:org.opensuse.security:def:52771 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 15) (Important) | 2020-12-01
    oval:org.opensuse.security:def:53428 | P | Security update for php7 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:17650 | P | Recommended update for LibreOffice (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:40157 | P | Security update for Linux Kernel Live Patch 9 for SLE 12 SP1 (Important) | 2020-12-01
    oval:org.opensuse.security:def:40521 | P | Security update for clamav (Important) | 2020-12-01
    oval:org.opensuse.security:def:40932 | P | Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) | 2020-12-01
    oval:org.opensuse.security:def:25129 | P | Security update for openssl-1_1 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:10991 | P | libevent-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:54191 | P | expat on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:41029 | P | Security update for python3 (Important) | 2020-12-01
    oval:org.opensuse.security:def:41792 | P | Recommended update for LibreOffice (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:40156 | P | Recommended update for apache2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:18649 | P | Security update for openssl (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:18866 | P | Security update for python3 (Important) | 2020-12-01
    oval:org.opensuse.security:def:24561 | P | Security update for ucode-intel (Important) | 2020-12-01
    oval:org.opensuse.security:def:24931 | P | Security update for bluez (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:52911 | P | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) (Important) | 2020-12-01
    oval:org.opensuse.security:def:53594 | P | Security update for ipmitool (Important) | 2020-12-01
    oval:org.opensuse.security:def:40168 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01
    oval:org.opensuse.security:def:40590 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP1) (Important) | 2020-12-01
    oval:org.opensuse.security:def:18924 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:46057 | P | Security update for openldap2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:25767 | P | Security update for DirectFB (Important) | 2020-12-01
    oval:org.opensuse.security:def:18462 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
    oval:org.opensuse.security:def:11038 | P | libopus-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:54272 | P | libipa_hbac0 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:41058 | P | Security update for vim (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:18470 | P | Security update for gimp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:18683 | P | Security update for systemd (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:24642 | P | Security update for shibboleth-sp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:24984 | P | Security update for openexr (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:10915 | P | freerdp-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:53149 | P | Security update for ldb, samba (Important) | 2020-12-01
    oval:org.opensuse.security:def:53879 | P | Security update for bluez (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:40260 | P | Security update for openssl (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:18936 | P | Security update for php7 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:46070 | P | Security update for libX11 (Important) | 2020-12-01
    oval:org.opensuse.security:def:25071 | P | Security update for dpdk (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25802 | P | Recommended update for LibreOffice (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:10923 | P | gegl-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:11053 | P | libpulse-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:54079 | P | libyaml-0-2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55548 | P | Security update for mariadb (Important) | 2020-12-01
    oval:org.opensuse.security:def:24362 | P | Security update for xen (Important) | 2020-12-01
    oval:org.opensuse.security:def:18505 | P | Security update for postgresql96 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:18721 | P | Security update for openssl (Moderate) | 2020-12-01
    oval:org.cisecurity:def:175 | P | DSA-3236-1 -- libreoffice -- security update | 2016-02-08
    oval:com.redhat.rhba:def:20152197 | P | RHBA-2015:2197: libreoffice bug fix and enhancement update (Moderate) | 2015-11-23
    oval:org.opensuse.security:def:78256 | P | Recommended update for LibreOffice (Moderate) | 2015-10-10
    oval:com.redhat.rhsa:def:20151458 | P | RHSA-2015:1458: libreoffice security, bug fix, and enhancement update (Moderate) | 2015-07-22
    oval:com.ubuntu.precise:def:20151774000 | V | CVE-2015-1774 on Ubuntu 12.04 LTS (precise) - medium. | 2015-04-28
    oval:com.ubuntu.trusty:def:20151774000 | V | CVE-2015-1774 on Ubuntu 14.04 LTS (trusty) - medium. | 2015-04-28
    canonical ubuntu linux 12.04
    canonical ubuntu linux 14.04
    canonical ubuntu linux 14.10
    debian debian linux 8.0
    debian debian linux 7.0
    apache openoffice *
    fedoraproject fedora 21
    redhat enterprise linux workstation 6.0
    redhat enterprise linux server 6.0
    redhat enterprise linux desktop 6.0
    libreoffice libreoffice *
    libreoffice libreoffice 4.4.0
    libreoffice libreoffice 4.4.1
    libreoffice libreoffice 4.3.6
    libreoffice libreoffice 4.4.1