{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/"}, {"name": "62396", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62396"}, {"name": "71351", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71351"}, {"name": "USN-2398-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2398-1"}, {"name": "RHSA-2015:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"name": "62132", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62132"}, {"name": "openSUSE-SU-2014:1412", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html"}, {"name": "62111", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62111"}, {"name": "GLSA-201603-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-05"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:18.260Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/"}, {"name": "62396", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62396"}, {"name": "71351", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71351"}, {"name": "USN-2398-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2398-1"}, {"name": "RHSA-2015:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"name": "62132", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62132"}, {"name": "openSUSE-SU-2014:1412", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html"}, {"name": "62111", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62111"}, {"name": "GLSA-201603-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-05"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3693", "datePublished": "2014-11-07T19:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.260Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9107E38E-E815-4B0D-A4B2-14D4E046D8C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C783766-1340-4AEB-9822-EA175763A54D", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "56B6659D-C29A-4F1D-B1D4-3DD439D8AFA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "86953074-1B45-40A8-99F8-281B5666D1A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F60E30C7-DA1F-40BC-BF41-1D4A7C298ECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8B8D6B9A-0FCC-4AAD-9AB9-0E51DCC7280B", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FA4F905-2CD3-4DC7-A448-686C8C66EB2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D49E9AE-8A66-44E8-9ED9-86AED2236B79", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDC93FD4-C720-4018-9AEF-496EFF718257", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B760AC5-EB16-4FD1-8099-50A4C12B6D06", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65E02231-DACA-4750-BFAB-680A529F7B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F7DC987-8802-4B00-804B-50AA41A6D1FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9BE7094-E163-49D0-BC53-1B706C96B73F", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "49AA7F09-9550-495E-B325-DBC5EB5E4FC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C8FD3B3-9C32-4177-AC13-B74E0D553F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "868731BE-8CD3-4C18-80E3-753A95187B6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "978F7E8B-0224-43DC-8818-4BE298E45D16", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "4F263182-1B6D-4CB8-BB62-91A52C926E91", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8BCD6C8-8FCD-4FBC-806B-21A96E2FC5A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D1551AC-D6AB-4FCF-B097-76F98F7D8B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7A184C9-F26A-4A5C-9834-6639D6D19B53", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en el gestor del socket de Impress Remote en LibreOffice 4.x anterior a 4.2.7 y 4.3.x anterior a 4.3.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al puerto TCP 1599."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "id": "CVE-2014-3693", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-07T19:55:03.340", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62111"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62132"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62396"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71351"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2398-1"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-05"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2398-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libabw-0:0.0.2-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libcmis-0:0.4.1-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libetonyek-0:0.0.4-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libfreehand-0:0.0.0-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "liblangtag-0:0.5.4-8.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libmwaw-0:0.2.0-4.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libodfgen-0:0.0.4-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libreoffice-1:4.2.6.3-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0377", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "mdds-0:0.10.3-1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Use-After-Free in socket manager of Impress Remote", "id": "1164733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164733"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.", "A use-after-free flaw was found in the \"Remote Control\" capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress."], "name": "CVE-2014-3693", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2014-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3693\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3693\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2014-3693"], "threat_severity": "Moderate"}