Bug 212698 - CVE-2006-4513: multiple integer overflows in wv < 1.2.3
CVE-2006-4513: multiple integer overflows in wv < 1.2.3
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: abiword (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Marc Maurer
Fedora Extras Quality Assurance
http://nvd.nist.gov/nvd.cfm?cvename=C...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-28 02:35 EDT by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-08 18:43:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to prevent wv from crashing after applying the security fix (1.13 KB, patch)
2006-10-29 13:30 EST, Marc Maurer
no flags Details | Diff

  None (edit)
Description Ville Skyttä 2006-10-28 02:35:04 EDT
+++ This bug was initially created as a clone of Bug #212696 +++

Multiple integer overflows in wv < 1.2.3: 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513

abiword uses an internal copy of wv, which seems to be 1.0.3 as of abiword 
2.4.5, so it may be affected.

Additionally, would it be possible to change abiword to use the system 
installed wv instead of the internal one?
Comment 1 Peter Gordon 2006-10-28 02:50:48 EDT
(In reply to comment #0)
> Additionally, would it be possible to change abiword to use the system 
> installed wv instead of the internal one?

IIRC, That's planned for the in-development 2.6.x series.
Comment 2 Aurelien Bompard 2006-10-29 13:12:22 EST
I've backported the fix to version 1.0.3 (FC-4 version), you may want to try that:
http://cvs.fedora.redhat.com/viewcvs/rpms/wv/FC-4/wv-1.0.3-CVE-2006-4513.patch?root=extras&rev=1.1&view=log
Comment 3 Marc Maurer 2006-10-29 13:28:40 EST
In AbiWord CVS the backports to wv have already been made too, so AbiWord 2.4.6
will automatically get the fixes. I'll update AbiWord 2.3.5 in the meantime with
a patch as well.

Also note that the fix described in comment 2 prevents the overflow, but _will
crash_ on the documents that triggered the overflow in the first place. Please
apply the attached diff as well.
Comment 4 Marc Maurer 2006-10-29 13:30:16 EST
Created attachment 139674 [details]
Patch to prevent wv from crashing after applying the security fix

Patch to prevent wv from crashing after applying the security fix
Comment 5 Aurelien Bompard 2006-10-29 13:47:30 EST
Done, thanks.
Comment 6 Marc Maurer 2007-01-08 18:43:06 EST
Fixed in abi 2.4.6

Note You need to log in before you can comment on or make changes to this bug.