Vulnerability Details : CVE-2007-0002


CVE Name: CVE-2007-0002: Code Execution, DoS, Memory Corruption vulnerability on Libwpd Libwpd Library
Description: Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.
Publish date: 2007-03-16T21:19Z
Last Update: 2018-10-16T16:29Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Privileges Required: NONE
User Interaction: Required
Scope: No info
Vulnerability Type(s): Code Execution, DoS, Memory Corruption
CWE ID: 119

Products Affected By CVE-2007-0002


# Vendor Product Vulnerable Versions
1 Libwpd Libwpd Library 4

Detail of Versions Affected


# Product Type Vendor Product Version
1 Application Libwpd Libwpd Library *
2 Application Libwpd Libwpd Library 0.8.2
3 Application Libwpd Libwpd Library 0.8.6
4 Application Libwpd Libwpd Library 0.8.7

References For CVE-2007-0002


Hyperlink Resource
http://sourceforge.net/project/shownotes.php?release_id=494122
http://secunia.com/advisories/24507 Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490
http://www.debian.org/security/2007/dsa-1268
http://www.debian.org/security/2007/dsa-1270
http://fedoranews.org/cms/node/2805
http://www.redhat.com/support/errata/RHSA-2007-0055.html Vendor Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
http://www.ubuntu.com/usn/usn-437-1
http://www.securityfocus.com/bid/23006
http://www.securitytracker.com/id?1017789
http://secunia.com/advisories/24557 Vendor Advisory
http://secunia.com/advisories/24572 Vendor Advisory
http://secunia.com/advisories/24580 Vendor Advisory
http://secunia.com/advisories/24573 Vendor Advisory
http://secunia.com/advisories/24581 Vendor Advisory
http://secunia.com/advisories/24593 Vendor Advisory
http://secunia.com/advisories/24465 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200704-07.xml
http://secunia.com/advisories/24794 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1
http://secunia.com/advisories/24856 Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml
http://secunia.com/advisories/24906 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:063
http://www.mandriva.com/security/advisories?name=MDKSA-2007:064
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659
http://secunia.com/advisories/24588 Vendor Advisory
http://secunia.com/advisories/24613 Vendor Advisory
http://secunia.com/advisories/24591 Vendor Advisory
http://www.vupen.com/english/advisories/2007/1032 Vendor Advisory
http://www.vupen.com/english/advisories/2007/1339 Vendor Advisory
http://www.vupen.com/english/advisories/2007/0976 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11535
http://www.securityfocus.com/archive/1/463033/100/0/threaded