What is CVE-2017-12607?

CVE-2017-12607 is a high-severity vulnerability in Apache Openoffice, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2017-11-20.

How severe is CVE-2017-12607?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Apache Openoffice

CVE-2017-12607

A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (70.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Apache Openoffice
Apache Software Foundation Openoffice — versions 4.0.0 to 4.1.3, and some previous releases, including some using our old OpenOffice.org brand
Debian Debian_linux — versions 7.0, 8.0

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

security@apache.org (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
security@apache.org (x_refsource_CONFIRM, Vendor Advisory)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@apache.org (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-12607?: CVE-2017-12607 is a high-severity vulnerability in Apache Openoffice, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2017-11-20.
How severe is CVE-2017-12607?: High severity. CVSS v3 base score is 7.8 out of 10.