CVE-2017-12607

NameCVE-2017-12607
DescriptionA vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1214-1, DSA-4022-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libreoffice (PTS)jessie, jessie (lts)1:4.3.3-2+deb8u15fixed
stretch (security)1:5.2.7-1+deb9u11fixed
stretch (lts), stretch1:6.1.5-3+deb9u5fixed
buster, buster (lts)1:6.1.5-3+deb10u14fixed
buster (security)1:6.1.5-3+deb10u12fixed
bullseye1:7.0.4-4+deb11u10fixed
bullseye (security)1:7.0.4-4+deb11u11fixed
bookworm (security), bookworm4:7.4.7-1+deb12u5fixed
trixie4:24.8.3-3fixed
sid4:24.8.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libreofficesourcewheezy1:3.5.4+dfsg2-0+deb7u10DLA-1214-1
libreofficesourcejessie1:4.3.3-2+deb8u9DSA-4022-1
libreofficesource(unstable)1:5.0.2-1

Notes

https://www.talosintelligence.com/reports/TALOS-2017-0300
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1

Search for package or bug name: Reporting problems