iDefense discovered a TablesGroup Heap Overflow Vulnerability in libwpd. We're
waiting on the full details but it's likely that an attacker could create a
malicious WordPerfect file that could execute arbitrary code if opened by a
victim in an application using libwpd such as OpenOffice.
No date on embargo; not sure if this will make it before GA or need a 0day.
Created attachment 145665 [details]
EMBARGOED proposed patch against 0.8.8
Created attachment 145676 [details]
updated patch against the wpd we're shipping in RHEL-5
This will need a 0day, won't make GA
Approving for CVS commit.
removing embargo, now public http://libwpd.sourceforge.net/news.html
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.