1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200612-01 / wv library |
| Release Date | December 07, 2006 |
| Latest Revision | December 07, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-text/wv | < 1.2.3-r1 | >= 1.2.3-r1 | All supported architectures |
Related bugreports: #153800
The wv library is vulnerable to multiple integer overflows which could lead to the execution of arbitrary code.
wv is a library for conversion of MS Word DOC and RTF files.
The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows.
An attacker could craft a malicious file that, when handled with the wv library, could lead to the execution of arbitrary code with the permissions of the user running the application.
There is no known workaround at this time.
All wv library users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1" |