CVE-2017-9806
7.8 HIGH (CVSS 3.1)
EPSS 1.8%
Description
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
How to fix CVE-2017-9806
To remediate CVE-2017-9806, upgrade the affected package to a fixed version listed below.
- Debian/libreoffice—upgrade to 1:3.4.3-1 or later
Is CVE-2017-9806 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:3.4.3-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |