Vulnerability Description
Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sourceforge | Wordperfect Document Importer-Exporter | <= 0.8.8 |
Related Weaknesses (CWE)
References
- http://fedoranews.org/cms/node/2805
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490
- http://secunia.com/advisories/24507Vendor Advisory
- http://secunia.com/advisories/24550Vendor Advisory
- http://secunia.com/advisories/24557Vendor Advisory
- http://secunia.com/advisories/24572Vendor Advisory
- http://secunia.com/advisories/24573Vendor Advisory
- http://secunia.com/advisories/24580Vendor Advisory
- http://secunia.com/advisories/24581Vendor Advisory
- http://secunia.com/advisories/24588Vendor Advisory
- http://secunia.com/advisories/24794Vendor Advisory
- http://secunia.com/advisories/24856Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200704-07.xml
- http://sourceforge.net/project/shownotes.php?release_id=494122
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1
FAQ
What is CVE-2007-1466?
CVE-2007-1466 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service ...
How severe is CVE-2007-1466?
CVE-2007-1466 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1466?
Check the references section above for vendor advisories and patch information. Affected products include: Sourceforge Wordperfect Document Importer-Exporter.