Intrusion Prevention

Multiple.Vendor.libwpd.WP3TablesGroup.Heap.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in Libwpd.
A flaw in the "WP6GeneralTextPacket::_readContents" function could lead to a buffer overflow when processing data from a malformed WordPerfect file.

Affected Products

Libwpd versions prior to 0.8.9
Sun StarOffice 8
Sun StarSuite 8
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux FUJI 0
Sun StarOffice 8.0
Slackware Linux 10.2
Slackware Linux 11.0
SGI ProPack 3.0 SP6
S.u.S.E. SUSE Linux Enterprise Desktop 10
S.u.S.E. SLE SDK 10
S.u.S.E. openSUSE 10.2
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 9.3 x86
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86
rPath rPath Linux 1
RedHat Fedora Core6
RedHat Fedora Core5
RedHat Enterprise Linux Optional Productivity Application v.5 server
RedHat Enterprise Linux Desktop Workstation v. 5 client
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Desktop 4.0
RedHat Desktop 3.0
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
libwpd libwpd library 0.8.7
libwpd libwpd library 0.8.6
libwpd libwpd library 0.8.2
libwpd libwpd library 0.8_8-0.8.6
Gentoo Linux
Gentoo app-office/openoffice-bin 2.1
Gentoo app-office/openoffice 2.0.3
Foresight Linux Foresight Linux 1.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0

Impact

The execution of arbitrary code on the system.

Recommended Actions

Upgrade to Libwpd version 0.8.9:
http://sourceforge.net/projects/libwpd/

CVE References

CVE-2007-0002