FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wv -- Multiple Integer Overflow Vulnerabilities

Affected packages
wv < 1.2.3

Details

VuXML ID d29dc506-8aa6-11db-bd0d-00123ffe8333
Discovery 2006-10-26
Entry 2006-12-13

Secunia reports:

Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerabilities are caused due to integer overflows within the "wvGetLFO_records()" and "wvGetLFO_PLF()" functions. These can be exploited to cause heap-based buffer overflows by e.g. tricking a user into opening a specially crafted Microsoft Word document with an application using the library.
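
The C below is an added example, not taken from the Secunia report or the wv source. It assumes the common pattern in which a record count read from the file is multiplied by a record size before allocation, and shows how that product wraps next to a reader that bounds the count by the bytes actually present. The record layout, function names and sample inputs are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical 8-byte on-disk record; NOT the real wv LFO layout. */
typedef struct { uint32_t id; uint32_t flags; } rec_t;
#define REC_DISK_SIZE 8u

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* A 32-bit "count * record size" wraps modulo 2^32: huge count, tiny buffer. */
uint32_t unchecked_alloc_size(uint32_t count) { return count * REC_DISK_SIZE; }

/* Hardened reader. buf/len is untrusted: a little-endian 32-bit count
 * followed by the records. Returns a heap array (caller frees) or NULL. */
rec_t *read_records(const uint8_t *buf, size_t len, uint32_t *out_count) {
    if (!buf || !out_count || len < 4) return NULL;
    uint32_t count = le32(buf);
    /* Bound count by the bytes present; the product then cannot overflow. */
    if (count == 0 || count > (len - 4) / REC_DISK_SIZE) return NULL;
    rec_t *recs = calloc(count, sizeof *recs); /* calloc checks n*size too */
    if (!recs) return NULL;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *p = buf + 4 + (size_t)i * REC_DISK_SIZE;
        recs[i].id = le32(p);
        recs[i].flags = le32(p + 4);
    }
    *out_count = count;
    return recs;
}

/* Constructed inputs: count 0x20000001 with one record (hostile); count 2 (valid). */
static const uint8_t hostile[12] = {0x01,0x00,0x00,0x20, 1,0,0,0, 0,0,0,0};
static const uint8_t valid[20]   = {2,0,0,0, 7,0,0,0, 0,0,0,0, 9,0,0,0, 1,0,0,0};

int hostile_is_rejected(void) {
    uint32_t n = 0;
    return read_records(hostile, sizeof hostile, &n) == NULL;
}
uint32_t valid_second_id(void) {
    uint32_t n = 0;
    rec_t *r = read_records(valid, sizeof valid, &n);
    uint32_t id = (r && n == 2) ? r[1].id : 0;
    free(r);
    return id;
}
```

With the constructed hostile count, the unchecked size is 8 bytes while the declared count is over 500 million records; the hardened reader rejects the input before allocating.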

References

CVE Name CVE-2006-4513
URL http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=433
URL http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434
URL http://secunia.com/advisories/22595/