The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-05T18:00:00

Updated: 2024-08-05T09:46:24.850Z

Reserved: 2018-08-05T00:00:00

Link: CVE-2018-14939

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-05T18:29:00.207

Modified: 2024-11-21T03:50:07.800

Link: CVE-2018-14939

cve-icon Redhat

Severity : Low

Publid Date: 2018-07-03T00:00:00Z

Links: CVE-2018-14939 - Bugzilla