FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4513

This CVE name corresponds to:

Entered Topic
2006-12-13 wv -- Multiple Integer Overflow Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-4513
Phase Assigned(20060831)

Description

Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.

References

Source Reference
IDEFENSE 20061026 Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability
IDEFENSE 20061026 Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability
GENTOO GLSA-200612-01
MANDRIVA MDKSA-2006:202
SUSE SUSE-SR:2006:028
UBUNTU USN-374-1
BID 20761
VUPEN ADV-2006-4221
SECTRACK 1017126
SECUNIA 22595
SECUNIA 22680
SECUNIA 22705
SECUNIA 23273
SECUNIA 23335
XF wvware-lfo-lvl-overflow(29833)