An exploitable out of bound write vulnerability exists in the WW8Fonts::WW8Fonts functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause an out of bound write potentially resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to trigger this vulnerability. External References: https://www.talosintelligence.com/reports/TALOS-2017-0295 https://www.openoffice.org/security/cves/CVE-2017-9806.html https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
Created libreoffice tracking bugs for this issue: Affects: fedora-all [bug 1507808]
Is there any reproducer? Or even a hint whether libreoffice is vulnerable too? It seems to me that this was addressed by https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=bb494d6bd8c5868f34bd8f9444ed3eb401145f10 ~6 years ago...
Caolan confirms this is fixed by the mentioned commit, so no current Fedora is vulnerable.
As per Libreoffice advisory mentioned in comment 0 , this issue was fixed in LO version 3.4.3, hence not version of Libreoffice shipped with Red Hat Enterprise Linux or Fedora is affected.