CVE-2006-4513
EPSS 7.3%
Description
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
How to fix CVE-2006-4513
To remediate CVE-2006-4513, upgrade each affected package to the fixed version listed below or later.
- Debian/abiword: upgrade to 2.4.6-1 or later
- Debian/wv: upgrade to 1.2.4-1 or later
Is CVE-2006-4513 being exploited?
Moderate — EPSS is 7.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/abiword: from 0, < 2.4.6-1
- Debian/wv: from 0, < 1.2.4-1