CVE-2017-12607
libreoffice - security update
7.8
HIGH
CVSS 3.1
EPSS 0.63%
Description
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
How to fix CVE-2017-12607
To remediate CVE-2017-12607, upgrade the affected package to a fixed version below.
- —upgrade to 1:5.0.2-1 or later
- —upgrade to 1:3.5.4+dfsg2-0+deb7u10 or later
- —upgrade to 1:4.3.3-2+deb8u9 or later
Is CVE-2017-12607 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1:5.0.2-1
- from 0, < 1:3.5.4+dfsg2-0+deb7u10
- from 0, < 1:4.3.3-2+deb8u9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |