CVE-2004-0645

NameCVE-2004-0645
DescriptionBuffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-550-1, DSA-579-1
NVD severityhigh (attack range: remote)
Debian Bugs264972

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
abiword (PTS)wheezy2.9.2+svn20120603-8fixed
jessie3.0.0-8fixed
stretch3.0.2-2fixed
buster, sid3.0.2-4fixed
wv (PTS)wheezy1.2.9-3fixed
jessie1.2.9-4.1fixed
stretch, buster, sid1.2.9-4.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
abiwordsource(unstable)2.0.8high
abiwordsourcewoody1.0.2+cvs.2002.06.05-1woody2highDSA-579-1
wvsource(unstable)1.0.2-0.1high264972
wvsourcewoody0.7.1+rvt-2woody3highDSA-550-1264972

Notes

fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660

Search for package or bug name: Reporting problems