CVE-2017-9433
CRITICALDocument Liberation Project libmwaw <2017-04-08 - Buffer Overflow
Title source: llmDescription
Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1037
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3875
Scores
CVSS v3
9.8
EPSS
0.0228
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
libmwaw_project/libmwaw
< 0.3.11
Published
Jun 05, 2017
Tracked Since
Feb 18, 2026