GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Dec 07, 2006 11:26 am Post subject: [ GLSA 200612-01 ] wv library: Multiple integer overflows |
 |
|
Gentoo Linux Security Advisory
Title: wv library: Multiple integer overflows (GLSA 200612-01)
Severity: normal
Exploitable: remote
Date: December 07, 2006
Bug(s): #153800
ID: 200612-01
Synopsis
The wv library is vulnerable to multiple integer overflows which could lead to the execution of arbitrary code.
Background
wv is a library for conversion of MS Word DOC and RTF files.
Affected Packages
Package: app-text/wv
Vulnerable: < 1.2.3-r1
Unaffected: >= 1.2.3-r1
Architectures: All supported architectures
Description
The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows.
Impact
An attacker could craft a malicious file that, when handled with the wv library, could lead to the execution of arbitrary code with the permissions of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All wv library users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1" |
References
CVE-2006-4513 |
|
News & Announcements
