CVE-2004-0645

Name	CVE-2004-0645
Description	Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-550-1, DSA-579-1
Debian Bugs	264972

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
abiword (PTS)	buster	3.0.2-8	fixed
	bullseye	3.0.4~dfsg-3	fixed
	bookworm, sid	3.0.5~dfsg-3.2	fixed
wv (PTS)	buster, bullseye	1.2.9-4.2	fixed
	bookworm	1.2.9-5	fixed
	sid, trixie	1.2.9-8	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
abiword	source	woody	1.0.2+cvs.2002.06.05-1woody2	DSA-579-1
abiword	source	(unstable)	2.0.8
wv	source	woody	0.7.1+rvt-2woody3	DSA-550-1	264972
wv	source	(unstable)	1.0.2-0.1		264972

fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660