CVE-2012-2149 – libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents

https://notcve.org/view.php?id=CVE-2012-2149

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow. La función WPXContentListener::_closeTableRow en WPXContentListener.cpp en libwpd v0.8.8, tal y como es usado por OpenOffice.org (OOo) antes de v3.4, permite a atacantes remotos ejecutar código de su elección a través de un documento WordPerfect .WPD debidamente modificado, que provoca que se use un índice de matriz negativa. NOTA: algunas fuentes informan de este tema como un desbordamiento de enteros. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html http://rhn.redhat.com/errata/RHSA-2012-1043.html http://secunia.com/advisories/46992 http://secunia.com/advisories/60799 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.openoffice.org/security/cves/CVE-2012-2149.html http://www.securityfocus.com/bid/53570 http://www.securitytracker.com/id?1027069 • CWE-189: Numeric Errors •