CVE-2015-5214

Description

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.

References

Link	Tags
https://security.gentoo.org/glsa/201611-03	vendor advisory
http://www.securitytracker.com/id/1034091	vdb entry
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://rhn.redhat.com/errata/RHSA-2015-2619.html	vendor advisory
http://www.ubuntu.com/usn/USN-2793-1	vendor advisory
http://www.securityfocus.com/bid/77486	vdb entry
http://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/	vendor advisory
http://www.openoffice.org/security/cves/CVE-2015-5214.html	vendor advisory
http://www.securitytracker.com/id/1034086	vdb entry
https://security.gentoo.org/glsa/201603-05	vendor advisory
http://www.debian.org/security/2015/dsa-3394	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2015-5214?: CVE-2015-5214 has been scored as a medium severity vulnerability.
How to fix CVE-2015-5214?: To fix CVE-2015-5214, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2015-5214 being actively exploited in the wild?: It is possible that CVE-2015-5214 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~10% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions