The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
2015-04-28T14:59:00.077
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.10 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Application | apache | openoffice | ≤ 4.1.1 | Yes |
| Operating System | fedoraproject | fedora | 21 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
| Application | libreoffice | libreoffice | ≤ 4.3.6 | Yes |
| Application | libreoffice | libreoffice | 4.4.0 | Yes |
| Application | libreoffice | libreoffice | 4.4.1 | Yes |