iDefense discovered a TablesGroup Heap Overflow Vulnerability in libwpd. We're waiting on the full details but it's likely that an attacker could create a malicious WordPerfect file that could execute arbitrary code if opened by a victim in an application using libwpd such as OpenOffice. No date on embargo; not sure if this will make it before GA or need a 0day.
Created attachment 145665: EMBARGOED proposed patch against 0.8.8
Created attachment 145676: updated patch against the wpd we're shipping in RHEL-5
This will need a 0day, won't make GA
Approving for CVS commit.
RHEL-5:libwpd-0.8.7-2.el5
Removing embargo, now public: http://libwpd.sourceforge.net/news.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0055.html