The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-05T18:00:00
Updated: 2024-08-05T09:46:24.850Z
Reserved: 2018-08-05T00:00:00
Link: CVE-2018-14939
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-08-05T18:29:00.207
Modified: 2024-11-21T03:50:07.800
Link: CVE-2018-14939
Redhat