CVE-2007-0002 - Vulnerability Details

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libwpd	Libwpd Library
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:libwpd:libwpd_library::::::::
	cpe:2.3:a:libwpd:libwpd_library:0.8.2:::::::*
	cpe:2.3:a:libwpd:libwpd_library:0.8.6:::::::*
	cpe:2.3:a:libwpd:libwpd_library:0.8.7:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
libwpd-0:0.8.7-3.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0055	2007-03-16T00:00:00Z

References

Link	Providers
http://fedoranews.org/cms/node/2805
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
http://secunia.com/advisories/24465
http://secunia.com/advisories/24507
http://secunia.com/advisories/24557
http://secunia.com/advisories/24572
http://secunia.com/advisories/24573
http://secunia.com/advisories/24580
http://secunia.com/advisories/24581
http://secunia.com/advisories/24588
http://secunia.com/advisories/24591
http://secunia.com/advisories/24593
http://secunia.com/advisories/24613
http://secunia.com/advisories/24794
http://secunia.com/advisories/24856
http://secunia.com/advisories/24906
http://security.gentoo.org/glsa/glsa-200704-07.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659
http://sourceforge.net/project/shownotes.php?release_id=494122
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1
http://www.debian.org/security/2007/dsa-1268
http://www.debian.org/security/2007/dsa-1270
http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:063
http://www.mandriva.com/security/advisories?name=MDKSA-2007:064
http://www.redhat.com/support/errata/RHSA-2007-0055.html
http://www.securityfocus.com/archive/1/463033/100/0/threaded
http://www.securityfocus.com/bid/23006
http://www.securitytracker.com/id?1017789
http://www.ubuntu.com/usn/usn-437-1
http://www.vupen.com/english/advisories/2007/0976
http://www.vupen.com/english/advisories/2007/1032
http://www.vupen.com/english/advisories/2007/1339
https://nvd.nist.gov/vuln/detail/CVE-2007-0002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11535
https://www.cve.org/CVERecord?id=CVE-2007-0002

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-03-16T21:00:00

Updated: 2024-08-07T12:03:36.975Z

Reserved: 2006-12-19T00:00:00

Link: CVE-2007-0002

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-16T21:19:00.000

Modified: 2024-11-21T00:24:44.700

Link: CVE-2007-0002

Redhat

Severity : Important

Publid Date: 2007-03-16T00:00:00Z

Links: CVE-2007-0002 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object