Candidate: CVE-2017-9806
PublicDate: 2017-11-20 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9806
 https://www.talosintelligence.com/reports/TALOS-2017-0295
 https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
 https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=bb494d6bd8c5868f34bd8f9444ed3eb401145f10
Description:
 A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and
 specifically in the WW8Fonts Constructor, allows attackers to craft
 malicious documents that cause denial of service (memory corruption and
 application crash) potentially resulting in arbitrary code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_libreoffice:
upstream_libreoffice: released (1:3.4.3-1)
precise/esm_libreoffice: DNE
trusty_libreoffice: not-affected (1:4.2.8-0ubuntu5.1)
trusty/esm_libreoffice: DNE (trusty was not-affected [1:4.2.8-0ubuntu5.1])
xenial_libreoffice: not-affected (1:5.1.6~rc2-0ubuntu1~xenial2)
esm-infra/xenial_libreoffice: not-affected (1:5.1.6~rc2-0ubuntu1~xenial2)
zesty_libreoffice: not-affected (1:5.3.1-0ubuntu2)
artful_libreoffice: not-affected (1:5.4.1-0ubuntu1)
devel_libreoffice: not-affected (1:5.4.1-0ubuntu3)