CVE-2015-4551 — MEDIUM (4.3)

Q: How severe is CVE-2015-4551?

CVE-2015-4551 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-4551?

Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice, Canonical Ubuntu Linux, Debian Debian Linux, Apache Openoffice.

Vulnerability Description

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Libreoffice	Libreoffice	<= 4.4.4
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	7.0
Apache	Openoffice	<= 4.1.1

Related Weaknesses (CWE)

CWE-200

References

http://rhn.redhat.com/errata/RHSA-2015-2619.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3394Third Party Advisory
http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2015-4551.htmlVendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.hThird Party Advisory
http://www.securityfocus.com/bid/77486Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034085Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034091Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2793-1Third Party Advisory
https://security.gentoo.org/glsa/201603-05Third Party Advisory
https://security.gentoo.org/glsa/201611-03Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2619.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3394Third Party Advisory
http://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2015-4551.htmlVendor Advisory

FAQ

What is CVE-2015-4551?

CVE-2015-4551 is a vulnerability with a CVSS score of 4.3 (MEDIUM). LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow r...

How severe is CVE-2015-4551?

CVE-2015-4551 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4551?

Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice, Canonical Ubuntu Linux, Debian Debian Linux, Apache Openoffice.