CVE-2014-3693

Description

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

How to fix CVE-2014-3693

To remediate CVE-2014-3693, upgrade the affected package to a fixed version below.

• Debian/libreoffice—upgrade to 1:4.3.3~rc2~git20141011-1 or later

Is CVE-2014-3693 being exploited?

Low — EPSS is 4.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:4.3.3~rc2~git20141011-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-3693