CVE-2017-14226

DEB

Low

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attacker…

CVSS

3.3

Low

EPSS

0.02

p82

Published

2017-01-01

Updated

2017-01-01

Description

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.

Tags · CWE

CWE-122

CWE-125

CAPEC-92

CAPEC-540

Affected products

LibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpdLibwpd

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Timeline

2017-01-01

Published

2017-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: L

Low (L)

Exploit indicators

EPSS

0.025 · p82

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Product	Vendor	Status
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked
libwpd		Tracked

Showing first 20 of 26

Source databases

DEB

CVE

UBU