CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0645

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile2.67th
PublishedAug 6, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.

Affected Platforms (CPE)

πŸ“¦
Abisource

Community Abiword

= 2.0.3
πŸ“¦
Abisource

Community Abiword

= 2.0.4
πŸ“¦
Abisource

Community Abiword

= 2.0.5
πŸ“¦
Abisource

Community Abiword

= 2.0.6
πŸ“¦
Abisource

Community Abiword

= 2.0.7
πŸ“¦
Wvware

Wvware

= 0.7.4
πŸ“¦
Wvware

Wvware

= 0.7.5
πŸ“¦
Wvware

Wvware

= 0.7.6
πŸ“¦
Wvware

Wvware

= 1.0

References & Advisories

πŸ”— http://cpan.cybercomm.nl/pub/gentoo-portage/app-text/wv/files/wv-1.0.0-fix_overflow.patch
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000863
πŸ”— http://security.gentoo.org/glsa/glsa-200407-11.xml
πŸ”— http://www.debian.org/security/2004/dsa-579
πŸ”— http://www.freebsd.org/ports/portaudit/7a5430df-d562-11d8-b479-02e0185c0b53.html
πŸ”— http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities
πŸ”— http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:077
πŸ”— http://www.osvdb.org/7761

Related Vulnerabilities

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-105010.0

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME a...

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-039110.0

Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded use...