Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) prior to 0.8.9 allow user-assisted remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libwpd libwpd library |
||
libwpd libwpd library 0.8.2 |
||
libwpd libwpd library 0.8.6 |
||
libwpd libwpd library 0.8.7 |