CVE-2017-12608

NameCVE-2017-12608
DescriptionA vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1214-1, DSA-4022-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libreoffice (PTS)buster1:6.1.5-3+deb10u7fixed
buster (security)1:6.1.5-3+deb10u4fixed
bullseye (security), bullseye1:7.0.4-4+deb11u1fixed
bookworm1:7.4.0~rc2-3fixed
sid1:7.4.0~rc3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libreofficesourcewheezy1:3.5.4+dfsg2-0+deb7u10DLA-1214-1
libreofficesourcejessie1:4.3.3-2+deb8u9DSA-4022-1
libreofficesource(unstable)1:5.0.2-1

Notes

https://www.talosintelligence.com/reports/TALOS-2017-0301
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba

Search for package or bug name: Reporting problems