CVE-2018-19208 – libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp
https://notcve.org/view.php?id=CVE-2018-19208
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. En libwpd 0.10.2, hay una desreferencia de puntero NULL en la función WP6ContentListener::defineTable en WP6ContentListener.cpp que conducirá a un ataque de denegación de servicio (DoS). Esto está relacionado con WPXTable.h. • https://access.redhat.com/errata/RHSA-2019:2126 https://bugzilla.redhat.com/show_bug.cgi?id=1643752 https://access.redhat.com/security/cve/CVE-2018-19208 https://bugzilla.redhat.com/show_bug.cgi?id=1649414 • CWE-476: NULL Pointer Dereference •
CVE-2017-14226
https://notcve.org/view.php?id=CVE-2017-14226
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. WP1StylesListener.cpp, WP5StylesListener.cpp, y WP42StylesListener.cpp en libwpd 0.10.1 no gestiona iteradores correctamente, lo que permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en montículos en la clase WPXTableList en WPXTable.cpp). Esta vulnerabilidad puede desencadenarse en LibreOffice en versiones anteriores a la 5.3.7. • https://bugs.documentfoundation.org/show_bug.cgi?id=112269 https://bugzilla.redhat.com/show_bug.cgi?id=1489337 https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9 https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5 https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3 https://sourceforge.net/p/libwpd/tickets/14 • CWE-125: Out-of-bounds Read •
CVE-2012-2149 – libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents
https://notcve.org/view.php?id=CVE-2012-2149
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow. La función WPXContentListener::_closeTableRow en WPXContentListener.cpp en libwpd v0.8.8, tal y como es usado por OpenOffice.org (OOo) antes de v3.4, permite a atacantes remotos ejecutar código de su elección a través de un documento WordPerfect .WPD debidamente modificado, que provoca que se use un índice de matriz negativa. NOTA: algunas fuentes informan de este tema como un desbordamiento de enteros. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html http://rhn.redhat.com/errata/RHSA-2012-1043.html http://secunia.com/advisories/46992 http://secunia.com/advisories/60799 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.openoffice.org/security/cves/CVE-2012-2149.html http://www.securityfocus.com/bid/53570 http://www.securitytracker.com/id?1027069 • CWE-189: Numeric Errors •
CVE-2007-0002 – buffer overflows
https://notcve.org/view.php?id=CVE-2007-0002
Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466. Múltiples desbordamientos de búfer en la región heap de la memoria en WordPerfect Document importer/exporter (libwpd) versiones anteriores a 0.8.9, permite a atacantes remotos asistidos por el usuario causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un archivo WordPerfect diseñado en el que los valores de los contadores de bucle no se manejan apropiadamente en las funciones (1) WP3TablesGroup::_readContents y (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup. NOTA: Un desbordamiento de enteros ha sido separado de CVE-2007-1466. • http://fedoranews.org/cms/node/2805 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html http://secunia.com/advisories/24465 http://secunia.com/advisories/24507 http://secunia.com/advisories/24557 http://secunia.com/advisories/24572 http://secunia.com/advisories/24573 http://secunia.com/advisories/24580 http://secunia.com/advisories/24581 http://secunia.com/advisories/24588 http://se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •