Arch Linux ASA-201412-5 High: Antiword Buffer Overflow Risk

The package antiword before version 0.37-5 is suffering from a buffer overflow vulnerability that may lead to arbitrary code execution.

Arch Linux Security Advisory ASA-201412-5
========================================
Severity: High
Date    : 2014-12-04
CVE-ID  : CVE-2014-8123
Package : antiword
Type    : buffer overflow
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
======
The package antiword before version 0.37-5 is suffering from a buffer
overflow vulnerability that may lead to arbitrary code execution.

Resolution
=========
Upgrade to 0.37-5.

# pacman -Syu "antiword>=0.37-5"

The problem has not yet been fixed upstream but a local patch is applied.

Workaround
=========
None.

Description
==========
The program antiword is suffering from a buffer overflow within
atPPSlist[].szName[] that may lead to denial of service or arbitrary
code execution.

Impact
=====
An attacker is able to craft a special file hat triggers the buffer
overflow leading to denial of service or arbitrary code execution.

References
=========
https://seclists.org/oss-sec/2014/q4/874
https://access.redhat.com/security/cve/CVE-2014-8123
https://bugs.archlinux.org/task/42982