Package: antiword
Followup-For: Bug #1008092

As requested, here's a summary of one potential unsanitised input data
issue that may be leading to this (or other) error(s).

`vSetSummaryInfoOLE()` calls `pucAnalyseSummaryInfoHeader()` that does:

`if (!bReadBuffer(pFile, ... aucBuffer, ...) ... return aucBuffer;`

and then calls `vAnalyseSummaryInfo(pucBuffer)`

- therein, if `ulOffset` is especially large, the following:

`tPropType = (size_t)ulGetLong(ulOffset, aucBuffer);`

could be outside of `aucBuffer` since the size of the buffer is not
passed to this function and therefore cannot be checked.
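
The missing length check described above, shown as an added C example (not antiword's code and not part of the original message). The names `read_le32_checked` and `count_valid_properties`, the little-endian read, and the section layout in the comments are assumptions made for illustration, and both sample sections are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not antiword's ulGetLong): read a little-endian
 * 32-bit value at `off`, refusing any read that would leave the buffer. */
static int read_le32_checked(const unsigned char *buf, size_t len,
                             size_t off, uint32_t *out)
{
    /* Written as off > len - 4 so a huge offset cannot wrap off + 4. */
    if (buf == NULL || out == NULL || len < 4 || off > len - 4)
        return -1;
    *out = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    return 0;
}

/* Assumed layout for this sketch: u32 section size, u32 property count,
 * then `count` pairs of (u32 id, u32 offset); each offset points at a
 * u32 property type. Returns the number of properties whose type could
 * be read, or -1 as soon as any field lies outside the buffer. */
static int count_valid_properties(const unsigned char *buf, size_t len)
{
    uint32_t count, id, off, type, i;

    /* A successful read at offset 4 implies len >= 8. */
    if (read_le32_checked(buf, len, 4, &count) != 0 || count > (len - 8) / 8)
        return -1;
    for (i = 0; i < count; i++) {
        size_t entry = 8 + (size_t)i * 8;
        if (read_le32_checked(buf, len, entry, &id) != 0 ||
            read_le32_checked(buf, len, entry + 4, &off) != 0 ||
            read_le32_checked(buf, len, (size_t)off, &type) != 0)
            return -1; /* untrusted offset points outside the buffer */
        (void)id; (void)type;
    }
    return (int)count;
}

/* Constructed samples: one property, offset 16 (valid) vs 0xFFFFFFF0. */
static const unsigned char good_section[] = {
    0x18,0,0,0, 1,0,0,0, 1,0,0,0, 0x10,0,0,0, 0x1E,0,0,0, 0,0,0,0 };
static const unsigned char hostile_section[] = {
    0x18,0,0,0, 1,0,0,0, 1,0,0,0, 0xF0,0xFF,0xFF,0xFF, 0x1E,0,0,0, 0,0,0,0 };

int main(void) {
    printf("good: %d\n", count_valid_properties(good_section, sizeof good_section));
    printf("hostile: %d\n", count_valid_properties(hostile_section, sizeof hostile_section));
    return 0;
}
```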
