Published: 05/06/2017 Updated: 04/11/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Document Liberation Project libmwaw prior to 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libmwaw project libmwaw

Debian Bug report logs - #864366 CVE-2017-9433 Package: src:libmwaw; Maintainer for src:libmwaw is Debian LibreOffice Maintainers <debian-openoffice@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 7 Jun 2017 16:15:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found i ...

libmwaw could be made to crash or run programs as your login if it opened a specially crafted file ...

It was discovered that a buffer overflow in libmwaw, a library to open old Mac text documents might result in the execution of arbitrary code if a malformed document is opened For the stable distribution (jessie), this problem has been fixed in version 031-2+deb8u1 For the unstable distribution (sid), this problem has been fixed in version 03 ...

Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parsercxx ...

CWE-119 https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1037 http://www.debian.org/security/2017/dsa-3875 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864366 https://usn.ubuntu.com/3319-1/https://nvd.nist.gov

CVE-2017-9433

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect