CVE-2007-0002

Current Description

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

Evaluator Description

This vulnerability has been addressed by the vendor through a product update: http://sourceforge.net/projects/libwpd/

Referenced by CVEs:CVE-2007-1466

Basic Data

PublishedMarch 16, 2007
Last ModifiedOctober 16, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLibwpdLibwpd Library0.8.2*******
    2.3ApplicationLibwpdLibwpd Library0.8.6*******
    2.3ApplicationLibwpdLibwpd Library0.8.7*******
    2.3ApplicationLibwpdLibwpd Library********0.8.8

Vulnerable Software List

VendorProductVersions
Libwpd Libwpd Library *, 0.8.2, 0.8.6, 0.8.7

References

NameSourceURLTags
FEDORA-2007-350http://fedoranews.org/cms/node/2805FEDORA
20070316 Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilitieshttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490IDEFENSE
SUSE-SA:2007:023http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.htmlSUSE
24465http://secunia.com/advisories/24465SECUNIAVendor Advisory
24507http://secunia.com/advisories/24507SECUNIAVendor Advisory
24557http://secunia.com/advisories/24557SECUNIAVendor Advisory
24572http://secunia.com/advisories/24572SECUNIAVendor Advisory
24573http://secunia.com/advisories/24573SECUNIAVendor Advisory
24580http://secunia.com/advisories/24580SECUNIAVendor Advisory
24581http://secunia.com/advisories/24581SECUNIAVendor Advisory
24588http://secunia.com/advisories/24588SECUNIAVendor Advisory
24591http://secunia.com/advisories/24591SECUNIAVendor Advisory
24593http://secunia.com/advisories/24593SECUNIAVendor Advisory
24613http://secunia.com/advisories/24613SECUNIAVendor Advisory
24794http://secunia.com/advisories/24794SECUNIAVendor Advisory
24856http://secunia.com/advisories/24856SECUNIAVendor Advisory
24906http://secunia.com/advisories/24906SECUNIAVendor Advisory
GLSA-200704-07http://security.gentoo.org/glsa/glsa-200704-07.xmlGENTOO
SSA-2007-085-02http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659SLACKWARE
http://sourceforge.net/project/shownotes.php?release_id=494122http://sourceforge.net/project/shownotes.php?release_id=494122CONFIRM
102863http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1SUNALERT
DSA-1268http://www.debian.org/security/2007/dsa-1268DEBIAN
DSA-1270http://www.debian.org/security/2007/dsa-1270DEBIAN
GLSA-200704-12http://www.gentoo.org/security/en/glsa/glsa-200704-12.xmlGENTOO
MDKSA-2007:063http://www.mandriva.com/security/advisories?name=MDKSA-2007:063MANDRIVA
MDKSA-2007:064http://www.mandriva.com/security/advisories?name=MDKSA-2007:064MANDRIVA
RHSA-2007:0055http://www.redhat.com/support/errata/RHSA-2007-0055.htmlREDHATVendor Advisory
20070316 rPSA-2007-0057-1 libwpdhttp://www.securityfocus.com/archive/1/463033/100/0/threadedBUGTRAQ
23006http://www.securityfocus.com/bid/23006BID
1017789http://www.securitytracker.com/id?1017789SECTRACK
USN-437-1http://www.ubuntu.com/usn/usn-437-1UBUNTU
ADV-2007-0976http://www.vupen.com/english/advisories/2007/0976VUPENVendor Advisory
ADV-2007-1032http://www.vupen.com/english/advisories/2007/1032VUPENVendor Advisory
ADV-2007-1339http://www.vupen.com/english/advisories/2007/1339VUPENVendor Advisory
oval:org.mitre.oval:def:11535https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11535OVAL