The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) prior to 3.4, allows remote malicious users to execute arbitrary code via a crafted WordPerfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
Vulnerable Product |
---|
redhat enterprise linux optional productivity applications |
redhat enterprise linux desktop 5.0 |
libwpd libwpd 0.8.8 |
apache openoffice.org 3.3 |
apache openoffice.org |