Bug 232880 - libwpd integer overflow CVE-2007-0002
Summary: libwpd integer overflow CVE-2007-0002
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libwpd (Show other bugs)
(Show other bugs)
Version: 6
Hardware: All Linux
medium
high
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact:
URL: http://libwpd.sourceforge.net/news.html
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-19 07:11 UTC by Kevin Kofler
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-20 07:34:15 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Kevin Kofler 2007-03-19 07:11:57 UTC
Description of problem:
libwpd <=0.8.8 is vulnerable to an integer overflow bug, fixed in 0.8.9. FC6 
currently ships 0.8.6 and is not patched for CVE-2007-0002.

Version-Release number of selected component (if applicable):
libwpd-0.8.6-1

How reproducible:
Didn't try.

Steps to Reproduce:
N/A

Actual results:
Vulnerable.

Expected results:
Not vulnerable.

Additional info:
See bug 222808 for the RHEL 5 security advisory. "This update has been rated 
as having important security impact by the Red Hat Security Response Team."


Note You need to log in before you can comment on or make changes to this bug.