CVE-2012-2149
libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
La función WPXContentListener::_closeTableRow en WPXContentListener.cpp en libwpd v0.8.8, tal y como es usado por OpenOffice.org (OOo) antes de v3.4, permite a atacantes remotos ejecutar código de su elección a través de un documento WordPerfect .WPD debidamente modificado, que provoca que se use un índice de matriz negativa. NOTA: algunas fuentes informan de este tema como un desbordamiento de enteros.
libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents. An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libwpd, such as OpenOffice.org, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All libwpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that are linked against libwpd must be restarted for this update to take effect.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-04-04 CVE Reserved
- 2012-05-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-04-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html | Mailing List | |
| http://secunia.com/advisories/60799 | Third Party Advisory | |
| http://www.securityfocus.com/bid/53570 | Third Party Advisory | |
| http://www.securitytracker.com/id?1027069 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1043.html | 2023-11-07 | |
| http://secunia.com/advisories/46992 | 2023-11-07 | |
| http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml | 2023-11-07 | |
| http://www.openoffice.org/security/cves/CVE-2012-2149.html | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2012-2149 | 2012-06-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=822207 | 2012-06-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Enterprise Linux Optional Productivity Applications Search vendor "Redhat" for product "Enterprise Linux Optional Productivity Applications" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Openoffice.org Search vendor "Apache" for product "Openoffice.org" | <= 3.4 Search vendor "Apache" for product "Openoffice.org" and version " <= 3.4" | beta_1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Openoffice.org Search vendor "Apache" for product "Openoffice.org" | 3.3 Search vendor "Apache" for product "Openoffice.org" and version "3.3" | - |
Affected
| ||||||
| Libwpd Search vendor "Libwpd" | Libwpd Search vendor "Libwpd" for product "Libwpd" | 0.8.8 Search vendor "Libwpd" for product "Libwpd" and version "0.8.8" | - |
Affected
| ||||||