CVE-2017-12608
First published: Mon Nov 20 2017(Updated: )
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/libreoffice | 1:6.1.5-3+deb10u7 1:6.1.5-3+deb10u10 1:7.0.4-4+deb11u7 4:7.4.7-1 4:7.5.6-1 4:7.5.8~rc1-1 | |
| Apache OpenOffice | <4.1.4 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.talosintelligence.com/reports/TALOS-2017-0301
- https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
- https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
- https://security-tracker.debian.org/tracker/CVE-2017-12608
- http://www.securityfocus.com/bid/101585
- http://www.securitytracker.com/id/1039733
- http://www.securitytracker.com/id/1039735
- https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html
- https://www.debian.org/security/2017/dsa-4022
- https://www.openoffice.org/security/cves/CVE-2017-12608.html
Frequently Asked Questions
What is CVE-2017-12608?
CVE-2017-12608 is a vulnerability in Apache OpenOffice Writer DOC file parser before version 4.1.4, which allows attackers to craft malicious documents that can cause denial of service, memory corruption, and application crashes, potentially leading to arbitrary code execution.
How does CVE-2017-12608 affect Apache OpenOffice?
CVE-2017-12608 affects Apache OpenOffice versions before 4.1.4, specifically in the ImportOldFormatStyles function of the DOC file parser.
What is the severity of CVE-2017-12608?
CVE-2017-12608 has a severity rating of 7.8 out of 10, which is considered high.
How can CVE-2017-12608 be fixed?
To fix CVE-2017-12608, users should update their Apache OpenOffice installations to version 4.1.4 or newer.
Where can I find more information about CVE-2017-12608?
More information about CVE-2017-12608 can be found at the following references: [Talos Intelligence](https://www.talosintelligence.com/reports/TALOS-2017-0301), [LibreOffice Security Advisories](https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608), [LibreOffice Commit Details](https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba).
- collector/security-tracker-debian
- agent/references
- agent/severity
- agent/weakness
- agent/event
- agent/type
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/apache
- canonical/apache openoffice
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0