|
| Description: | | Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. |
|
| Impact: | | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
|
| Affected OS: | | Solaris, Other Unix, FreeBSD, Linux |
|
| Reference: | | SecurityFocusBID:23006
SecurityTrackerID:1017789
|
|