Vulnerability Description
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libreoffice | Libreoffice | <= 6.0.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105047Third Party AdvisoryVDB Entry
- https://bugs.documentfoundation.org/show_bug.cgi?id=118514Third Party Advisory
- http://www.securityfocus.com/bid/105047Third Party AdvisoryVDB Entry
- https://bugs.documentfoundation.org/show_bug.cgi?id=118514Third Party Advisory
FAQ
What is CVE-2018-14939?
CVE-2018-14939 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause...
How severe is CVE-2018-14939?
CVE-2018-14939 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-14939?
Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice.