ID CVE-2012-2149
Summary The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted WordPerfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:enterprise_linux__optional_productivity_applications:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice.org:3.4:beta_1:*:*:*:*:*:*
  • cpe:2.3:a:libwpd:libwpd:0.8.8:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-08-2016 - 18:38)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 822207
title CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment libwpd is earlier than 0:0.8.7-3.1.el5_8
        oval oval:com.redhat.rhsa:tst:20121043002
      • comment libwpd is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070055003
    • AND
      • comment libwpd-devel is earlier than 0:0.8.7-3.1.el5_8
        oval oval:com.redhat.rhsa:tst:20121043004
      • comment libwpd-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070055005
    • AND
      • comment libwpd-tools is earlier than 0:0.8.7-3.1.el5_8
        oval oval:com.redhat.rhsa:tst:20121043006
      • comment libwpd-tools is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070055007
rhsa
id RHSA-2012:1043
released 2012-06-26
severity Important
title RHSA-2012:1043: libwpd security update (Important)
rpms
  • libwpd-0:0.8.7-3.1.el5_8
  • libwpd-devel-0:0.8.7-3.1.el5_8
  • libwpd-tools-0:0.8.7-3.1.el5_8
refmap via4
bid 53570
bugtraq 20120516 CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
confirm http://www.openoffice.org/security/cves/CVE-2012-2149.html
gentoo GLSA-201408-19
misc
sectrack 1027069
secunia
  • 46992
  • 60799
Last major update 17-08-2016 - 18:38
Published 21-06-2012 - 15:55