Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 232880 - libwpd integer overflow CVE-2007-0002
Summary: libwpd integer overflow CVE-2007-0002
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libwpd
Version: 6
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact:
URL: http://libwpd.sourceforge.net/news.html
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-19 07:11 UTC by Kevin Kofler
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-20 07:34:15 UTC


Attachments (Terms of Use)

Description Kevin Kofler 2007-03-19 07:11:57 UTC
Description of problem:
libwpd <=0.8.8 is vulnerable to an integer overflow bug, fixed in 0.8.9. FC6 
currently ships 0.8.6 and is not patched for CVE-2007-0002.

Version-Release number of selected component (if applicable):
libwpd-0.8.6-1

How reproducible:
Didn't try.

Steps to Reproduce:
N/A

Actual results:
Vulnerable.

Expected results:
Not vulnerable.

Additional info:
See bug 222808 for the RHEL 5 security advisory. "This update has been rated 
as having important security impact by the Red Hat Security Response Team."


Note You need to log in before you can comment on or make changes to this bug.