Bug 638334

Description GLSAMaker/CVETool Bot 2017-11-21 16:29:14 UTC

CVE-2017-9806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9806):
  A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and
  specifically in the WW8Fonts Constructor, allows attackers to craft
  malicious documents that cause denial of service (memory corruption and
  application crash) potentially resulting in arbitrary code execution.

CVE-2017-3157 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3157):
  By exploiting the way Apache OpenOffice before 4.1.4 renders embedded
  objects, an attacker could craft a document that allows reading in a file
  from the user's filesystem. Information could be retrieved by the attacker
  by, e.g., using hidden sections to store the information, tricking the user
  into saving the document and convincing the user to send the document back
  to the attacker. The vulnerability is mitigated by the need for the attacker
  to know the precise file path in the target system, and the need to trick
  the user into saving the document and sending it back.

CVE-2017-12608 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12608):
  A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4,
  and specifically in ImportOldFormatStyles, allows attackers to craft
  malicious documents that cause denial of service (memory corruption and
  application crash) potentially resulting in arbitrary code execution.

CVE-2017-12607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12607):
  A vulnerability in OpenOffice's PPT file parser before 4.1.4, and
  specifically in PPTStyleSheet, allows attackers to craft malicious documents
  that cause denial of service (memory corruption and application crash)
  potentially resulting in arbitrary code execution.