PublicDateAtUSN: 2017-06-04
Candidate: CVE-2017-9433
PublicDate: 2017-06-05 03:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1037
 https://ubuntu.com/security/notices/USN-3319-1
Description:
 Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds
 write caused by a heap-based buffer overflow related to the
 MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864366
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libmwaw:
 upstream: https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
upstream_libmwaw: released (0.3.9-2)
precise/esm_libmwaw: DNE
trusty_libmwaw: released (0.1.11-1ubuntu1.1)
trusty/esm_libmwaw: DNE (trusty was released [0.1.11-1ubuntu1.1])
vivid/stable-phone-overlay_libmwaw: DNE
vivid/ubuntu-core_libmwaw: DNE
xenial_libmwaw: released (0.3.7-1ubuntu2.1)
esm-infra/xenial_libmwaw: released (0.3.7-1ubuntu2.1)
yakkety_libmwaw: released (0.3.8-2ubuntu0.1)
zesty_libmwaw: released (0.3.9-1ubuntu0.1)
devel_libmwaw: not-affected (0.3.9-2)