David Tardon

**Name of the Vulnerable Software and Affected Versions** Document Liberation Project libmwaw versions prior to 2017-04-08 **Description** The issue is caused by a heap-based buffer overflow related to the `MsWrd1Parser::readFootnoteCorrespondance` function in lib/MsWrd1Parser.cxx. This can be exploited by a remote attacker using a specially crafted document to execute arbitrary code. **Recommendations** For versions prior to 2017-04-08, update to a version released after 2017-04-08 to resolve the issue. As a temporary workaround, consider disabling the `MsWrd1Parser::readFootnoteCorrespondance` function until a patch is available.