ID CVE-2012-2149
Summary The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted WordPerfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:enterprise_linux__optional_productivity_applications:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:openoffice.org:3.4:beta_1:*:*:*:*:*:*
  • cpe:2.3:a:libwpd:libwpd:0.8.8:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-08-2016 - 18:38)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 822207
title CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment libwpd is earlier than 0:0.8.7-3.1.el5_8
          oval oval:com.redhat.rhsa:tst:20121043001
        • comment libwpd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070055002
      • AND
        • comment libwpd-devel is earlier than 0:0.8.7-3.1.el5_8
          oval oval:com.redhat.rhsa:tst:20121043003
        • comment libwpd-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070055004
      • AND
        • comment libwpd-tools is earlier than 0:0.8.7-3.1.el5_8
          oval oval:com.redhat.rhsa:tst:20121043005
        • comment libwpd-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070055006
rhsa
id RHSA-2012:1043
released 2012-06-26
severity Important
title RHSA-2012:1043: libwpd security update (Important)
rpms
  • libwpd-0:0.8.7-3.1.el5_8
  • libwpd-debuginfo-0:0.8.7-3.1.el5_8
  • libwpd-devel-0:0.8.7-3.1.el5_8
  • libwpd-tools-0:0.8.7-3.1.el5_8
refmap via4
bid 53570
bugtraq 20120516 CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
confirm http://www.openoffice.org/security/cves/CVE-2012-2149.html
gentoo GLSA-201408-19
misc
sectrack 1027069
secunia
  • 46992
  • 60799
Last major update 17-08-2016 - 18:38
Published 21-06-2012 - 15:55
Last modified 17-08-2016 - 18:38