wv
Page content
- Author: voroskoi
- Vulnerable: 1.2.1-1
- Unaffected: 1.2.4-1siwenna1
Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to integer overflows within the “wvGetLFO_records()” and “wvGetLFO_PLF()” functions. These can be exploited to cause heap-based buffer overflows by e.g. tricking a user to open a specially crafted Microsoft Word document with an application using the library.
- Bug Tracker URL: http://bugs.frugalware.org/task/1374