CVE-2007-0002

Name of the Vulnerable Software and Affected Versions libwpd versions prior to 0.8.9

Description The issue involves multiple vulnerabilities in the libwpd package of the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The vulnerabilities are related to heap-based buffer overflows in the WordPerfect Document importer/exporter, which can cause a denial of service or possibly execute arbitrary code when a crafted WordPerfect file is processed. Specifically, the vulnerabilities are in the WP3TablesGroup:: readContents and WP5DefinitionGroup DefineTablesSubGroup::WP5DefinitionGroup DefineTablesSubGroup functions, where values to loop counters are not properly handled.

Recommendations For libwpd versions prior to 0.8.9, update to version 0.8.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WordPerfect Document importer/exporter until a patch is available. Avoid using the vulnerable functions WP3TablesGroup:: readContents and WP5DefinitionGroup DefineTablesSubGroup::WP5DefinitionGroup DefineTablesSubGroup until the issue is resolved.