Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-1268-1 | New libwpd packages fix arbitrary code execution |
![]() |
DSA-1270-1 | New OpenOffice.org packages fix several vulnerabilities |
![]() |
DSA-1270-2 | New OpenOffice.org packages fix several vulnerabilities |
![]() |
EUVD-2007-0006 | Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466. |
![]() |
USN-437-1 | libwpd vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-07T12:03:36.975Z
Reserved: 2006-12-19T00:00:00
Link: CVE-2007-0002

No data.

Status : Deferred
Published: 2007-03-16T21:19:00.000
Modified: 2025-04-09T00:30:58.490
Link: CVE-2007-0002


No data.