Vulnerability Details : CVE-2017-12607
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
Vulnerability category: Memory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-12607
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-12607
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-12607
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12607
-
https://www.debian.org/security/2017/dsa-4022
Debian -- Security Information -- DSA-4022-1 libreofficeThird Party Advisory
-
http://www.securitytracker.com/id/1039732
LibreOffice Out-of-Bounds Memory Write Error in PPT Stylesheet Parser Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.openoffice.org/security/cves/CVE-2017-12607.html
CVE-2017-12607Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html
[SECURITY] [DLA 1214-1] libreoffice security updateMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/101585
Apache OpenOffice Multiple Remote Code Execution VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039734
Apache OpenOffice Impress Out-of-Bounds Memory Write Error in PPTStyleSheet Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
Products affected by CVE-2017-12607
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*