cpe:/a:libwpd:libwpd_library:0.8.2 cpe:/a:libwpd:libwpd_library:0.8.6 cpe:/a:libwpd:libwpd_library:0.8.7 cpe:/a:libwpd:libwpd_library:0.8.8 CVE-2007-0002 2007-03-16T17:19:00.000-04:00 2017-10-10T21:31:31.533-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-03-19T08:14:00.000-04:00 ALLOWS_ADMIN_ACCESS SECTRACK 1017789 SUNALERT 102863 IDEFENSE 20070316 Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities BUGTRAQ 20070316 rPSA-2007-0057-1 libwpd BID 23006 SECUNIA 24465 SECUNIA 24507 SECUNIA 24557 SECUNIA 24572 SECUNIA 24573 SECUNIA 24580 SECUNIA 24581 SECUNIA 24588 SECUNIA 24591 SECUNIA 24593 SECUNIA 24613 SECUNIA 24794 SECUNIA 24856 SECUNIA 24906 VUPEN ADV-2007-0976 VUPEN ADV-2007-1032 VUPEN ADV-2007-1339 DEBIAN DSA-1268 DEBIAN DSA-1270 FEDORA FEDORA-2007-350 GENTOO GLSA-200704-07 GENTOO GLSA-200704-12 MANDRIVA MDKSA-2007:063 MANDRIVA MDKSA-2007:064 REDHAT RHSA-2007:0055 SLACKWARE SSA-2007-085-02 SUSE SUSE-SA:2007:023 UBUNTU USN-437-1 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=494122 Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.