PT-2016-2305 · Document Foundation+3 · Libreoffice+3

Aleksandar Nikolic

Published

2016-06-29

Updated

2024-06-15

CVE-2016-4324

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 5.1.4

Description The issue is related to a use-after-free condition in LibreOffice, allowing remote attackers to execute arbitrary code through a manipulated RTF file. This is connected to the stylesheet and superscript tokens. The vulnerability can be exploited by an attacker using a specially crafted RTF file, potentially leading to the execution of arbitrary code.

Recommendations For versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RTF files from untrusted sources until the update is applied. Restrict access to the stylesheet and superscript tokens in RTF files to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2016-1754

BDU:2016-01694

CVE-2016-4324

DLA-581-1

DSA-3608-1

MGASA-2016-0246

OPENSUSE-SU-2024:10006-1

SUSE-SU-2016:2472-1

SUSE-SU-2016_2472-1

USN-3022-1

Affected Products

Alt Linux

Libreoffice

Suse

Ubuntu

PT-2016-2305 · Document Foundation+3 · Libreoffice+3

CVE-2016-4324

Weakness Enumeration

Related Identifiers

Affected Products

References · 55