CVE-2006-4513

Publication date 28 October 2006

Last updated 24 July 2024


Ubuntu priority

Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.

Status

Package Ubuntu Release Status
wv 7.04 feisty
Fixed 1.2.4-2
6.10 edgy
Fixed 1.2.1-2ubuntu0.1
6.06 LTS dapper
Fixed 1.0.2-0.1ubuntu0.6.06

References

Related Ubuntu Security Notices (USN)

    • USN-374-1
    • wvWare vulnerability
    • 1 November 2006

Other references