Gentoo Linux Advisory: wv | Linux Today
Security
SHARE
Facebook X Pinterest WhatsApp

Gentoo Linux Advisory: wv

Written By
Web Webster
Web Webster
Jul 15, 2004

Gentoo Linux Security Advisory GLSA 200407-11

http://security.gentoo.org/

Severity: Normal
Title: wv: Buffer overflow vulnerability
Date: July 14, 2004
Bugs: #56595
ID: 200407-11

Synopsis

A buffer overflow vulnerability exists in the wv library that
can allow an attacker to execute arbitrary code with the privileges
of the user running the vulnerable application.

Background

The wv library allows access to MS Word files. It can parse Word
files and allow other applications, such as abiword, to import
those files into their native formats.

Affected packages

Package Vulnerable Unaffected
1 app-text/wv < 1.0.0-r1 >= 1.0.0-r1

Description

A use of strcat without proper bounds checking leads to an
exploitable buffer overflow. The vulnerable code is executed when
wv encounters an unrecognized token, so a specially crafted file,
loaded in wv, can trigger the vulnerable code and execute it’s own
arbitrary code. This exploit is only possible when the user loads
the document into HTML view mode.

Advertisement

Impact

By inducing a user into running wv on a special file, an
attacker can execute arbitrary code with the permissions of the
user running the vulnerable program.

Workaround

Users should not view untrusted documents with wvHtml or
applications using wv. When loading an untrusted document in an
application using the wv library, make sure HTML view is
disabled.

Resolution

All users should upgrade to the latest available version.

    # emerge sync
    # emerge -pv ">=app-text/wv-1.0.0-r1"
    # emerge ">=app-text/wv-1.0.0-r1"

References

[ 1 ] iDEFENSE Security Advisory


http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information