CVE-2015-4551
libreoffice - security update
EPSS 7.8%
Description
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
How to fix CVE-2015-4551
To remediate CVE-2015-4551, upgrade the affected package to a fixed version below.
- Debian/libreoffice—upgrade to 1:5.0.1~rc1-1 or later
- Debian/libreoffice—upgrade to 1:3.5.4+dfsg2-0+deb7u5 or later
Is CVE-2015-4551 being exploited?
Moderate — EPSS is 7.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1:5.0.1~rc1-1
- from 0, < 1:3.5.4+dfsg2-0+deb7u5