FreeBSD : wv -- Multiple Integer Overflow Vulnerabilities (d29dc506-8aa6-11db-bd0d-00123ffe8333)
Medium Nessus Plugin ID 23851
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSecunia reports :
Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
The vulnerabilities are caused due to integer overflows within the 'wvGetLFO_records()' and 'wvGetLFO_PLF()' functions. These can be exploited to cause heap-based buffer overflows by e.g. tricking a user to open a specially crafted Microsoft Word document with an application using the library.
SolutionUpdate the affected package.