CVE - CVE-2007-0002

CVE-ID
CVE-2007-0002	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20070316 Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490 BUGTRAQ:20070316 rPSA-2007-0057-1 libwpd URL:http://www.securityfocus.com/archive/1/archive/1/463033/100/0/threaded CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=494122 DEBIAN:DSA-1268 URL:http://www.debian.org/security/2007/dsa-1268 DEBIAN:DSA-1270 URL:http://www.debian.org/security/2007/dsa-1270 FEDORA:FEDORA-2007-350 URL:http://fedoranews.org/cms/node/2805 GENTOO:GLSA-200704-07 URL:http://security.gentoo.org/glsa/glsa-200704-07.xml GENTOO:GLSA-200704-12 URL:http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml MANDRIVA:MDKSA-2007:063 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:063 MANDRIVA:MDKSA-2007:064 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:064 REDHAT:RHSA-2007:0055 URL:http://www.redhat.com/support/errata/RHSA-2007-0055.html SLACKWARE:SSA-2007-085-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659 SUNALERT:102863 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1 SUSE:SUSE-SA:2007:023 URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html UBUNTU:USN-437-1 URL:http://www.ubuntu.com/usn/usn-437-1 BID:23006 URL:http://www.securityfocus.com/bid/23006 OVAL:oval:org.mitre.oval:def:11535 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11535 VUPEN:ADV-2007-0976 URL:http://www.vupen.com/english/advisories/2007/0976 VUPEN:ADV-2007-1032 URL:http://www.vupen.com/english/advisories/2007/1032 VUPEN:ADV-2007-1339 URL:http://www.vupen.com/english/advisories/2007/1339 SECTRACK:1017789 URL:http://www.securitytracker.com/id?1017789 SECUNIA:24507 URL:http://secunia.com/advisories/24507 SECUNIA:24557 URL:http://secunia.com/advisories/24557 SECUNIA:24572 URL:http://secunia.com/advisories/24572 SECUNIA:24580 URL:http://secunia.com/advisories/24580 SECUNIA:24573 URL:http://secunia.com/advisories/24573 SECUNIA:24581 URL:http://secunia.com/advisories/24581 SECUNIA:24593 URL:http://secunia.com/advisories/24593 SECUNIA:24465 URL:http://secunia.com/advisories/24465 SECUNIA:24794 URL:http://secunia.com/advisories/24794 SECUNIA:24856 URL:http://secunia.com/advisories/24856 SECUNIA:24906 URL:http://secunia.com/advisories/24906 SECUNIA:24588 URL:http://secunia.com/advisories/24588 SECUNIA:24613 URL:http://secunia.com/advisories/24613 SECUNIA:24591 URL:http://secunia.com/advisories/24591
Date Entry Created
20061219	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2007-0002