CVE-2017-9806

HIGH

OpenOffice Writer <4.1.4 - Memory Corruption

Title source: llm

Description

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

References (2)

[Vendor Advisory] http://www.openoffice.org/security/cves/CVE-2017-9806.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101585

Scores

CVSS v3 7.8

EPSS 0.0135

EPSS Percentile 79.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status draft

Affected Products (1)

apache/openoffice < 4.1.4

Timeline

Published Nov 20, 2017

Tracked Since Feb 18, 2026