MDKSA-2007:063

Package name

libwpd

Date

2007-03-16

Advisory ID

MDKSA-2007:063

Affected versions

2007.0 x86_64 , 2007.0 i586

Problem description

iDefense reported several overflow bugs in libwpd. An attacker
could create a carefully crafted Word Perfect file that could cause
an application linked with libwpd, such as OpenOffice, to crash or
possibly execute arbitrary code if the file was opened by a victim.

Updated packages have been patched to address this issue.

Updated packages

2007.0 x86_64

 fa400d38581ce2ea7fd18ff5f2202508  2007.0/x86_64/lib64wpd-0.8_8-0.8.6-1.1mdv2007.0.x86_64.rpm
 7f5be4640b867ed6b5e6bbdd8cca4096  2007.0/x86_64/lib64wpd-0.8_8-devel-0.8.6-1.1mdv2007.0.x86_64.rpm
 72743642ac95ab9acdaa7193656f6023  2007.0/x86_64/libwpd-tools-0.8.6-1.1mdv2007.0.x86_64.rpm 
 efde71d904604af261dae41949d6f314  2007.0/SRPMS/libwpd-0.8.6-1.1mdv2007.0.src.rpm

2007.0 i586

 dc542d5d0287c5fc7d032c8bb8739f76  2007.0/i586/libwpd-0.8_8-0.8.6-1.1mdv2007.0.i586.rpm
 049c74e8e8d5ea73aab2f986dd9ce75a  2007.0/i586/libwpd-0.8_8-devel-0.8.6-1.1mdv2007.0.i586.rpm
 b52f1c37150bdea7ff484ef4aaf1791a  2007.0/i586/libwpd-tools-0.8.6-1.1mdv2007.0.i586.rpm 
 efde71d904604af261dae41949d6f314  2007.0/SRPMS/libwpd-0.8.6-1.1mdv2007.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466