+++ This bug was initially created as a clone of Bug #212696 +++ Multiple integer overflows in wv < 1.2.3: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 abiword uses an internal copy of wv, which seems to be 1.0.3 as of abiword 2.4.5, so it may be affected. Additionally, would it be possible to change abiword to use the system installed wv instead of the internal one?
(In reply to comment #0) > Additionally, would it be possible to change abiword to use the system > installed wv instead of the internal one? IIRC, That's planned for the in-development 2.6.x series.
I've backported the fix to version 1.0.3 (FC-4 version), you may want to try that: http://cvs.fedora.redhat.com/viewcvs/rpms/wv/FC-4/wv-1.0.3-CVE-2006-4513.patch?root=extras&rev=1.1&view=log
In AbiWord CVS the backports to wv have already been made too, so AbiWord 2.4.6 will automatically get the fixes. I'll update AbiWord 2.3.5 in the meantime with a patch as well. Also note that the fix described in comment 2 prevents the overflow, but _will crash_ on the documents that triggered the overflow in the first place. Please apply the attached diff as well.
Created attachment 139674 [details] Patch to prevent wv from crashing after applying the security fix Patch to prevent wv from crashing after applying the security fix
Done, thanks.
Fixed in abi 2.4.6