{
  "threat_severity" : "Moderate",
  "public_date" : "2014-08-21T00:00:00Z",
  "bugzilla" : {
    "description" : "libreoffice/openoffice.org: CSV command injection and DDE formulas",
    "id" : "1134172",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1134172"
  },
  "cvss" : {
    "cvss_base_score" : "4.6",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
    "status" : "draft"
  },
  "details" : [ "Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet." ],
  "statement" : "Not vulnerable. This issue does not affect the version of OpenOffice as shipped in Red Hat Enterprise Linux 5. This issue does not affect the version of LibreOffice as shipped in Red Hat Enterprise Linux 6 and 7.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "openoffice.org",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libreoffice",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libreoffice",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-3524\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3524" ],
  "name" : "CVE-2014-3524",
  "csaw" : false
}