Bug 56595 - app-text/wv-1.0.0 - Buffer Overflow Vulnerability
Summary: app-text/wv-1.0.0 - Buffer Overflow Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Reported: 2004-07-10 03:24 UTC by Carsten Lohrke (RETIRED)
Modified: 2011-10-30 22:40 UTC
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2004-07-10 03:24:32 UTC
Caolán McNamara and Dom Lachowicz's wv library has been found to contain
a buffer overflow condition that can be exploited through a specially
crafted document.

If an attacker can convince a user to open an exploit document in HTML
mode using an application that builds upon the wv library, it is
possible for the attacker to execute arbitrary code under the privileges
of that user.

iDEFENSE has confirmed the existence of this vulnerability in version
0.7.4, and a slight variant of this vulnerability in versions 0.7.5,
0.7.6 and 1.0.0.

http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities


I'm not sure who's the maintainer in this case - metadata.xml is missing.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-10 03:57:26 UTC
Marinus, you have committed the last few new versions; will you commit a patched ebuild?

Also you might want to correct HOMEPAGE to point to the SF page.
Comment 4 foser (RETIRED) gentoo-dev 2004-07-12 09:41:45 UTC
Added the patch + minor USE fix to the ebuild. Bumped to 1.0.0-r1 all stable (the fixes were minor and I guess this needs to go in).
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-07-12 13:06:57 UTC
Ready for a GLSA
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-07-14 04:14:38 UTC
GLSA 200407-11