CVE-2007-0002

Publication date 16 March 2007

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

Status

Package Ubuntu Release Status
libwpd 7.04 feisty
Fixed 0.8.9-1
6.10 edgy
Fixed 0.8.6-1ubuntu0.1
6.06 LTS dapper
Fixed 0.8.4-2ubuntu0.1
openoffice.org 7.04 feisty
Fixed 2.2.0-1ubuntu4
6.10 edgy
Fixed 2.0.4-0ubuntu6
6.06 LTS dapper
Fixed 2.0.2-2ubuntu12.4
openoffice.org-amd64 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper
Fixed 2.0.2-2ubuntu12.4-1
openoffice.org-l10n 7.04 feisty
Fixed 2.2.0-0ubuntu2
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

References

Related Ubuntu Security Notices (USN)

    • USN-437-1
    • libwpd vulnerability
    • 19 March 2007

Other references