Unrated severityNVD Advisory· Published Apr 28, 2015· Updated May 6, 2026

CVE-2015-1774

Description

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

Affected products

Apache/Openoffice
cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
Range: <=4.1.1
Libreoffice/Libreoffice3 versions
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*range: <=4.3.6
- cpe:2.3:a:libreoffice:libreoffice:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:libreoffice:libreoffice:4.4.1:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Fedoraproject/Fedora
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/pipermail/package-announce/2015-April/156582.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-May/157550.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-updates/2015-05/msg00015.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-1458.htmlnvdThird Party Advisory
www.debian.org/security/2015/dsa-3236nvdThird Party Advisory
www.openoffice.org/security/cves/CVE-2015-1774.htmlnvdVendor Advisory
www.securityfocus.com/bid/74338nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1032205nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1032206nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2578-1nvdThird Party Advisory
security.gentoo.org/glsa/201603-05nvdThird Party Advisory
www.libreoffice.org/about-us/security/advisories/cve-2015-1774/nvdVendor Advisory
www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000