Computer Security
[EN] securityvulns.ru no-pyccku


libwpd /OpenOffice / AbiWord multiple security vulnerabilities
Published:17.03.2007
Source:
SecurityVulns ID:7418
Type:library
Threat Level:
6/10
Description:Multiple buffer overflows on Word Perfect documents parsing.
Affected:OPENOFFICE : OpenOffice 2.0
 OPENOFFICE : OpenOffice 2.1
 LIBWPD : libwpd 0.8
CVE:CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002.)
 CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities (17.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod