CVE-2015-1774

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVE-2015-1774

Apache OpenOffice Advisory

Out-of-Bounds Write in HWP File Filter

Version 2.0
Announced April 27, 2015
Updated October 28, 2015

A vulnerability in OpenOffice’s HWP filter allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected
All Apache OpenOffice versions 4.1.1 and older are affected.
OpenOffice.org versions are also affected.

Mitigation

Update to Apache OpenOffice 4.1.2 or a later version.

This mitigation drops Apache OpenOffice support for documents created in “Hangul Word Processor” format. The filter is not installed; it will not be used if present.

Workarounds and Document Migration

Users of older HWP-format documents that are already trusted should convert those documents to other formats before removing the filter or upgrading to Apache OpenOffice version 4.1.2.

Apache OpenOffice users who do not upgrade can remove the problematic filter themselves. The filter is in the “program” folder of their OpenOffice installation. On Windows the filter is named "hwp.dll", on Mac OS X it is named “libhwp.dylib” and on Linux it is named "libhwp.so". Alternatively the filter can be renamed to anything else (e.g. “hwp_renamed.dll”) to disable its use.
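The rename workaround above can be scripted so it works the same way on all three platforms. The following is an added example, not part of the Apache advisory. The function names, the "_renamed" suffix (modelled on the advisory's "hwp_renamed.dll") and the dry-run default are assumptions, and the installation folder is supplied by the caller.

```python
import sys
from pathlib import Path

# Filter file names as listed in the advisory, one per platform.
HWP_FILTER_NAMES = ("hwp.dll", "libhwp.dylib", "libhwp.so")


def find_hwp_filters(install_root):
    """Return the HWP filter files present in <install_root>/program."""
    program_dir = Path(install_root) / "program"
    if not program_dir.is_dir():
        raise FileNotFoundError(f"no 'program' folder under {install_root}")
    return [program_dir / n for n in HWP_FILTER_NAMES
            if (program_dir / n).is_file()]


def disable_hwp_filters(install_root, dry_run=True):
    """Rename each filter found (hwp.dll -> hwp_renamed.dll) so it cannot load.

    Returns a list of (original, renamed) paths. With dry_run=True nothing is
    changed on disk; the list shows what would be renamed.
    """
    actions = []
    for path in find_hwp_filters(install_root):
        target = path.with_name(f"{path.stem}_renamed{path.suffix}")
        if target.exists():
            # Never overwrite an earlier rename; let the operator decide.
            raise FileExistsError(f"{target} already exists; resolve by hand")
        if not dry_run:
            path.rename(target)
        actions.append((path, target))
    return actions


if __name__ == "__main__":
    # Usage: python disable_hwp.py <OpenOffice install folder> [--apply]
    if len(sys.argv) < 2:
        sys.exit("usage: disable_hwp.py <install folder> [--apply]")
    apply = "--apply" in sys.argv[2:]
    results = disable_hwp_filters(sys.argv[1], dry_run=not apply)
    for old, new in results:
        print(f"{'renamed' if apply else 'would rename'}: {old} -> {new}")
    if not results:
        print("no HWP filter found in the program folder")
```

Run it without --apply first to review the planned rename, and close OpenOffice before applying, since a loaded library may be locked by the operating system.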

Further Information

For additional information and assistance, consult the Apache OpenOffice Community Forums or make requests to the [email protected] public mailing list.

Credits

Thanks to an anonymous contributor working with VeriSign iDefense Labs.
