CVE-2016-4324 : Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.

Published 2016-07-08 19:59:00

Updated 2025-04-12 10:46:41

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2016-4324

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Libreoffice » Libreoffice
Versions up to, including, (<=) 5.1.3
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-4324

EPSS FAQ

0.67%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 69 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4324

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-4324

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4324

http://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/

CVE-2016-4324 | LibreOffice - Free Office Suite - Fun Project - Fantastic People
Vendor Advisory
http://www.talosintelligence.com/reports/TALOS-2016-0126/

TALOS-2016-0126 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
http://www.ubuntu.com/usn/USN-3022-1

USN-3022-1: LibreOffice vulnerability | Ubuntu security notices
http://www.securitytracker.com/id/1036209

LibreOffice RTF File Processing Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://www.debian.org/security/2016/dsa-3608

Debian -- Security Information -- DSA-3608-1 libreoffice
https://security.gentoo.org/glsa/201611-03

LibreOffice, OpenOffice: Multiple vulnerabilities (GLSA 201611-03) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/91499

LibreOffice CVE-2016-4324 Use After Free Remote Code Execution Vulnerability

Jump to

Vulnerability Details : CVE-2016-4324

Products affected by CVE-2016-4324

Exploit prediction scoring system (EPSS) score for CVE-2016-4324

CVSS scores for CVE-2016-4324

CWE ids for CVE-2016-4324

References for CVE-2016-4324