Debian Security Advisory

DSA-1268-1 libwpd -- integer overflow

Date Reported:

17 Mar 2007

Affected Packages:

libwpd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2007-0002.

More information:

iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents. Attackers were able to exploit these with carefully crafted Word Perfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 0.8.1-1sarge1.

For the testing distribution (etch) these problems have been fixed in version 0.8.7-6.

For the unstable distribution (sid) these problems have been fixed in version 0.8.7-6.

We recommend that you upgrade your libwpd package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.1-1sarge1.dsc; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.1-1sarge1.diff.gz; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.1.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-doc_0.8.1-1sarge1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_alpha.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_alpha.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_alpha.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_amd64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_amd64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_amd64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_arm.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_arm.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_arm.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_hppa.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_hppa.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_hppa.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_i386.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_i386.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_i386.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_ia64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_ia64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_ia64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_m68k.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_m68k.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_m68k.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_mips.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_mips.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_mips.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_s390.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_s390.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_s390.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_sparc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_sparc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_sparc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_sparc.deb

Debian GNU/Linux pre4.0 (etch)

Source:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.7-6.dsc; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.7-6.diff.gz; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.7.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-doc_0.8.7-6_all.deb
Alpha:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_alpha.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_alpha.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_alpha.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_amd64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_amd64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_amd64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_arm.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_arm.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_arm.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_hppa.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_hppa.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_hppa.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_i386.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_i386.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_i386.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_ia64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_ia64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_ia64.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_m68k.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_m68k.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_m68k.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_mips.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_mips.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_mips.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_mipsel.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_mipsel.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_mipsel.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_powerpc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_powerpc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_powerpc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_s390.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_s390.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_s390.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_sparc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_sparc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_sparc.deb; http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_sparc.deb

MD5 checksums of the listed files are available in the original advisory.