Bug 232880 - libwpd integer overflow CVE-2007-0002
libwpd integer overflow CVE-2007-0002
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: libwpd (Show other bugs)
6
All Linux
medium Severity high
: ---
: ---
Assigned To: Caolan McNamara
http://libwpd.sourceforge.net/news.html
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-19 03:11 EDT by Kevin Kofler
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-20 03:34:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kevin Kofler 2007-03-19 03:11:57 EDT
Description of problem:
libwpd <=0.8.8 is vulnerable to an integer overflow bug, fixed in 0.8.9. FC6 
currently ships 0.8.6 and is not patched for CVE-2007-0002.

Version-Release number of selected component (if applicable):
libwpd-0.8.6-1

How reproducible:
Didn't try.

Steps to Reproduce:
N/A

Actual results:
Vulnerable.

Expected results:
Not vulnerable.

Additional info:
See bug 222808 for the RHEL 5 security advisory. "This update has been rated 
as having important security impact by the Red Hat Security Response Team."

Note You need to log in before you can comment on or make changes to this bug.