Detections
Analytics

LibreOffice < 4.4.5 Multiple Vulnerabilities (Mac OS X)

medium Nessus Plugin ID 86902

Language:

Synopsis

The remote host has an application installed that is affected by multiple vulnerabilities.

Description

The version of LibreOffice installed on the remote Mac OS X host is prior to 4.4.5. It is, therefore, affected by the following vulnerabilities :

 - An information disclosure vulnerability exists due to the use of stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links. A remote attacker can exploit this, via a specially crafted ODF document, to to obtain sensitive information. (CVE-2015-4551)

 - An integer underflow condition exists in the ReadJobSetup() function due to improper validation of user-supplied input when handling printer settings. A remote attacker can exploit this, via specially crafted PrinterSetup data in an ODF document, to cause a denial of service condition or the execution of arbitrary code.
 (CVE-2015-5212)

 - An integer underflow condition exists in the WW8ScannerBase::OpenPieceTable() function due to improper validation of user-supplied input when handling the PieceTable counter. A remote attacker can exploit this, via a specially crafted .DOC file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5213)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LibreOffice version 4.4.5 (4.4.5.2) or later.

See Also

http://www.nessus.org/u?cdf2c164

http://www.nessus.org/u?8a5c0096

http://www.nessus.org/u?1b2d335c

http://listarchives.documentfoundation.org/www/announce/msg00241.html

Plugin Details

Severity: Medium

ID: 86902

File Name: macosx_libreoffice_445.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 11/17/2015

Updated: 11/20/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-5213

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: installed_sw/LibreOffice, Host/MacOSX/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/30/2015

Vulnerability Publication Date: 11/5/2015

Reference Information

CVE: CVE-2015-4551, CVE-2015-5212, CVE-2015-5213