// For flags

CVE-2007-0002

buffer overflows

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

Múltiples desbordamientos de búfer en la región heap de la memoria en WordPerfect Document importer/exporter (libwpd) versiones anteriores a 0.8.9, permite a atacantes remotos asistidos por el usuario causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un archivo WordPerfect diseñado en el que los valores de los contadores de bucle no se manejan apropiadamente en las funciones (1) WP3TablesGroup::_readContents y (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup. NOTA: Un desbordamiento de enteros ha sido separado de CVE-2007-1466.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-12-19 CVE Reserved
  • 2007-03-16 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-02-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (37)
URL Tag Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490 Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=494122 X_refsource_confirm
http://www.securityfocus.com/archive/1/463033/100/0/threaded Mailing List
http://www.securityfocus.com/bid/23006 Vdb Entry
http://www.securitytracker.com/id?1017789 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11535 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://fedoranews.org/cms/node/2805 2018-10-16
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html 2018-10-16
http://secunia.com/advisories/24465 2018-10-16
http://secunia.com/advisories/24507 2018-10-16
http://secunia.com/advisories/24557 2018-10-16
http://secunia.com/advisories/24572 2018-10-16
http://secunia.com/advisories/24573 2018-10-16
http://secunia.com/advisories/24580 2018-10-16
http://secunia.com/advisories/24581 2018-10-16
http://secunia.com/advisories/24588 2018-10-16
http://secunia.com/advisories/24591 2018-10-16
http://secunia.com/advisories/24593 2018-10-16
http://secunia.com/advisories/24613 2018-10-16
http://secunia.com/advisories/24794 2018-10-16
http://secunia.com/advisories/24856 2018-10-16
http://secunia.com/advisories/24906 2018-10-16
http://security.gentoo.org/glsa/glsa-200704-07.xml 2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659 2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1 2018-10-16
http://www.debian.org/security/2007/dsa-1268 2018-10-16
http://www.debian.org/security/2007/dsa-1270 2018-10-16
http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:063 2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:064 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0055.html 2018-10-16
http://www.ubuntu.com/usn/usn-437-1 2018-10-16
http://www.vupen.com/english/advisories/2007/0976 2018-10-16
http://www.vupen.com/english/advisories/2007/1032 2018-10-16
http://www.vupen.com/english/advisories/2007/1339 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-0002 2007-03-16
https://bugzilla.redhat.com/show_bug.cgi?id=222808 2007-03-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libwpd
Search vendor "Libwpd"
 Libwpd Library
Search vendor "Libwpd" for product "Libwpd Library"
 <= 0.8.8
Search vendor "Libwpd" for product "Libwpd Library" and version " <= 0.8.8"
-
Affected
Libwpd
Search vendor "Libwpd"
 Libwpd Library
Search vendor "Libwpd" for product "Libwpd Library"
 0.8.2
Search vendor "Libwpd" for product "Libwpd Library" and version "0.8.2"
-
Affected
Libwpd
Search vendor "Libwpd"
 Libwpd Library
Search vendor "Libwpd" for product "Libwpd Library"
 0.8.6
Search vendor "Libwpd" for product "Libwpd Library" and version "0.8.6"
-
Affected
Libwpd
Search vendor "Libwpd"
 Libwpd Library
Search vendor "Libwpd" for product "Libwpd Library"
 0.8.7
Search vendor "Libwpd" for product "Libwpd Library" and version "0.8.7"
-
Affected