CVE-2004-0645 | Vulnerability Database | Aqua Security

Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.

Affected Software

Name	Vendor	Start Version	End Version
Community_abiword	Abisource	2.0.3 (including)	2.0.3 (including)
Community_abiword	Abisource	2.0.4 (including)	2.0.4 (including)
Community_abiword	Abisource	2.0.5 (including)	2.0.5 (including)
Community_abiword	Abisource	2.0.6 (including)	2.0.6 (including)
Community_abiword	Abisource	2.0.7 (including)	2.0.7 (including)
Wvware	Wvware	0.7.4 (including)	0.7.4 (including)
Wvware	Wvware	0.7.5 (including)	0.7.5 (including)
Wvware	Wvware	0.7.6 (including)	0.7.6 (including)
Wvware	Wvware	1.0 (including)	1.0 (including)
Wv	Ubuntu	dapper	*
Wv	Ubuntu	devel	*
Wv	Ubuntu	edgy	*
Wv	Ubuntu	feisty	*

References

http://cpan.cybercomm.nl/pub/gentoo-portage/app-text/wv/files/wv-1.0.0-fix_overflow.patch
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000863
http://security.gentoo.org/glsa/glsa-200407-11.xml
http://www.debian.org/security/2004/dsa-579
http://www.freebsd.org/ports/portaudit/7a5430df-d562-11d8-b479-02e0185c0b53.html
http://www.idefense.com/application/poi/display?id=115\u0026type=vulnerabilities
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:077
http://www.osvdb.org/7761
https://bugzilla.fedora.us/show_bug.cgi?id=1906
https://exchange.xforce.ibmcloud.com/vulnerabilities/16660

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0645
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html