GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Apr 07, 2007 1:26 am Post subject: [ GLSA 200704-07 ] libwpd: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: libwpd: Multiple vulnerabilities (GLSA 200704-07)
Severity: normal
Exploitable: remote
Date: April 06, 2007
Bug(s): #169675
ID: 200704-07
Synopsis
libwpd is vulnerable to several heap overflows and an integer overflow.
Background
libwpd is a library used to convert Wordperfect documents into other
formats.
Affected Packages
Package: app-text/libwpd
Vulnerable: < 0.8.9
Unaffected: >= 0.8.9
Architectures: All supported architectures
Description
libwpd contains heap-based overflows in two functions that convert
WordPerfect document tables. In addition, it contains an integer
overflow in a text-conversion function.
Impact
An attacker could entice a user to convert a specially crafted
WordPerfect file, resulting in a crash or possibly the execution of
arbitrary code with the rights of the user running libwpd.
Workaround
There is no known workaround at this time.
Resolution
All libwpd users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/libwpd-0.8.9" |
References
CVE-2007-0002
CVE-2007-1466
Last edited by GLSA on Tue Dec 15, 2009 4:24 am; edited 2 times in total |
|