CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-19208 – libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp
https://notcve.org/view.php?id=CVE-2018-19208
12 Nov 2018 — In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. En libwpd 0.10.2, hay una desreferencia de puntero NULL en la función WP6ContentListener::defineTable en WP6ContentListener.cpp que conducirá a un ataque de denegación de servicio (DoS). Esto está relacionado con WPXTable.h. libwpd is a library for reading and converting Corel WordPerfect Office documents.... • https://access.redhat.com/errata/RHSA-2019:2126 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-14226
https://notcve.org/view.php?id=CVE-2017-14226
09 Sep 2017 — WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. WP1StylesListener.cpp, WP5StylesListener.cpp, y WP42StylesListener.cpp en libwpd 0.10.1 no gestiona iteradores correctamente, lo... • https://bugs.documentfoundation.org/show_bug.cgi?id=112269 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 6%CPEs: 5EXPL: 2CVE-2012-2149 – libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents
https://notcve.org/view.php?id=CVE-2012-2149
21 Jun 2012 — The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow. La función WPXContentListener::_closeTableRow en WPXContentListener.cpp en libwpd v0.8.8, tal y como es usado por OpenOffice.org (OOo) antes de v3.4, permite a atacantes remotos e... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 8%CPEs: 4EXPL: 0CVE-2007-0002 – buffer overflows
https://notcve.org/view.php?id=CVE-2007-0002
16 Mar 2007 — Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-146... • http://fedoranews.org/cms/node/2805 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •