What is CVE-2017-9806?

CVE-2017-9806 is a high-severity vulnerability in Apache Openoffice, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2017-11-20.

How severe is CVE-2017-9806?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Apache Openoffice

CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) poten…

Vulnerability class: Buffer Overflow

EPSS: 0.018 (83.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Apache Openoffice
Apache Software Foundation Openoffice — versions 4.0.0 to 4.1.3, and some previous releases, including some using our old OpenOffice.org brand

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

security@apache.org (x_refsource_CONFIRM, Vendor Advisory)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID)

Frequently asked questions

What is CVE-2017-9806?: CVE-2017-9806 is a high-severity vulnerability in Apache Openoffice, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2017-11-20.
How severe is CVE-2017-9806?: High severity. CVSS v3 base score is 7.8 out of 10.