CVE-2018-14939

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 6.0.6

Description The issue is related to the get app path function, which mishandles the realpath function in certain environments. This might allow attackers to cause a denial of service, such as a buffer overflow and application crash, or possibly have other unspecified impacts if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

Recommendations For versions prior to 6.0.6, update to version 6.0.6 or later to resolve the issue. As a temporary workaround, consider disabling the automatic launch of LibreOffice during web browsing to minimize the risk of exploitation.