What is CVE-2017-12608?

CVE-2017-12608 is a high-severity vulnerability in Apache Openoffice, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2017-11-20.

How severe is CVE-2017-12608?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Apache Openoffice

CVE-2017-12608

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) poten…

Vulnerability class: Buffer Overflow

EPSS: 0.012 (78.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Apache Openoffice
Apache Software Foundation Openoffice — versions 4.0.0 to 4.1.3, and some previous releases, including some using our old OpenOffice.org brand
Debian Debian_linux — versions 7.0, 8.0

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
security@apache.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
security@apache.org (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@apache.org (mailing-list, x_refsource_MLIST, Third Party Advisory)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-12608?: CVE-2017-12608 is a high-severity vulnerability in Apache Openoffice, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2017-11-20.
How severe is CVE-2017-12608?: High severity. CVSS v3 base score is 7.8 out of 10.