github - ghsa-f454-5wwx-q3hc

ghsa-f454-5wwx-q3hc

Vulnerability from github

Published

2022-05-13 01:03

Modified

2022-05-13 01:03

Severity

7.8 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-20T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.",
  "id": "GHSA-f454-5wwx-q3hc",
  "modified": "2022-05-13T01:03:57Z",
  "published": "2022-05-13T01:03:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9806"
    },
    {
      "type": "WEB",
      "url": "http://www.openoffice.org/security/cves/CVE-2017-9806.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101585"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2017-9806

Vulnerability from cvelistv5

Published

2017-11-20 17:00

Modified

2024-09-16 22:45

Severity

Summary

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

References

URL	Tags
http://www.openoffice.org/security/cves/CVE-2017-9806.html	x_refsource_CONFIRM
http://www.securityfocus.com/bid/101585	vdb-entry, x_refsource_BID

Impacted products

Vendor	Product
Apache Software Foundation	Apache OpenOffice

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:02.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2017-9806.html"
          },
          {
            "name": "101585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101585"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache OpenOffice",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0 to 4.1.3, and some previous releases, including some using our old OpenOffice.org brand"
            }
          ]
        }
      ],
      "datePublic": "2017-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Potential Arbitrary Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-21T10:57:01",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2017-9806.html"
        },
        {
          "name": "101585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101585"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2017-11-18T00:00:00",
          "ID": "CVE-2017-9806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache OpenOffice",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.0 to 4.1.3, and some previous releases, including some using our old OpenOffice.org brand"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Potential Arbitrary Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2017-9806.html",
              "refsource": "CONFIRM",
              "url": "http://www.openoffice.org/security/cves/CVE-2017-9806.html"
            },
            {
              "name": "101585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101585"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-9806",
    "datePublished": "2017-11-20T17:00:00Z",
    "dateReserved": "2017-06-21T00:00:00",
    "dateUpdated": "2024-09-16T22:45:39.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.