CVE-2014-9093 — libreoffice - security update

Description

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

How to fix CVE-2014-9093

To remediate CVE-2014-9093, upgrade the affected package to a fixed version below.

Debian/libreoffice—upgrade to 1:4.3.3-2 or later
Debian/libreoffice—upgrade to 1:3.5.4+dfsg2-0+deb7u3 or later

Is CVE-2014-9093 being exploited?

Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1:4.3.3-2
from 0, < 1:3.5.4+dfsg2-0+deb7u3

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-9093