CVE-2015-4551: Infoleak
First published: Tue Nov 10 2015(Updated: )
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| LibreOffice Draw | <=4.4.4 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Apache OpenOffice | <=4.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2015-2619.html
- http://www.debian.org/security/2015/dsa-3394
- http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/
- http://www.openoffice.org/security/cves/CVE-2015-4551.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/77486
- http://www.securitytracker.com/id/1034085
- http://www.securitytracker.com/id/1034091
- http://www.ubuntu.com/usn/USN-2793-1
- https://security.gentoo.org/glsa/201603-05
- https://security.gentoo.org/glsa/201611-03
Frequently Asked Questions
What is the severity of CVE-2015-4551?
CVE-2015-4551 is classified as a medium severity vulnerability that allows potential information disclosure.
How do I fix CVE-2015-4551?
To fix CVE-2015-4551, users should upgrade LibreOffice to version 4.4.5 or higher and Apache OpenOffice to version 4.1.2 or higher.
Who is affected by CVE-2015-4551?
CVE-2015-4551 affects users of LibreOffice versions prior to 4.4.5 and Apache OpenOffice versions prior to 4.1.2 on various operating systems including Ubuntu and Debian.
What type of vulnerability is CVE-2015-4551?
CVE-2015-4551 is a stored configuration vulnerability that can be exploited to obtain sensitive information from crafted documents.
Can CVE-2015-4551 be exploited remotely?
Yes, CVE-2015-4551 can be exploited remotely through crafted OpenDocument Format files that embed sensitive data.
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/libreoffice
- canonical/libreoffice draw
- version/libreoffice draw/4.4.4
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/apache
- canonical/apache openoffice
- version/apache openoffice/4.1.1