Vulnerability Description
Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libmwaw Project | Libmwaw | <= 0.3.11 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3875
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1037 (Issue Tracking, Third Party Advisory, VDB Entry)
- https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253 (Patch, Third Party Advisory)
FAQ
What is CVE-2017-9433?
CVE-2017-9433 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Pa...
How severe is CVE-2017-9433?
CVE-2017-9433 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-9433?
Check the references section above for vendor advisories and patch information. Affected products include: Libmwaw Project Libmwaw.