The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Enterprise_linux__optional_productivity_applications | Redhat | * | * |
Enterprise_linux_desktop | Redhat | 5.0 (including) | 5.0 (including) |