VIR Vulnerability Intelligence Relay

CVE-2014-3693

high
Published 2014-11-07 · Modified 2026-05-06
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-3693

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.ubuntu.com/usn/USN-2398-1

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1:4.3.3~rc2~git20141011-1
debian debianbullseyefixed1:4.3.3~rc2~git20141011-1
debian debianforkyfixed1:4.3.3~rc2~git20141011-1
debian debiansidfixed1:4.3.3~rc2~git20141011-1
debian debiantrixiefixed1:4.3.3~rc2~git20141011-1
suse suse13.1affected
ubuntu ubuntu14.04affected
ubuntu ubuntu14.10affected
redhat rhel7.0affected

Application impact
VendorProductVersionsFixed
libreofficelibreoffice4.0.0
libreofficelibreoffice4.0.1
libreofficelibreoffice4.0.2
libreofficelibreoffice4.0.3
libreofficelibreoffice4.0.3.3
libreofficelibreoffice4.0.4.2
libreofficelibreoffice4.1.0
libreofficelibreoffice4.1.1
libreofficelibreoffice4.1.2
libreofficelibreoffice4.1.3
libreofficelibreoffice4.1.4
libreofficelibreoffice4.2.0
libreofficelibreoffice4.2.1
libreofficelibreoffice4.2.2
libreofficelibreoffice4.2.3
libreofficelibreoffice4.2.4
libreofficelibreoffice4.2.5
libreofficelibreoffice4.2.6
libreofficelibreoffice4.3.0
libreofficelibreoffice4.3.1
libreofficelibreoffice4.3.2

References

Verify integrity in audit chain (admin only). AS-IS.