CVE-2012-2149

EUVD-2012-2144
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used.  NOTE: some sources report this issue as an integer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_linux__optional_productivity_applications
*
redhatenterprise_linux_desktop
5.0
apacheopenoffice.org
𝑥
≤ 3.4
apacheopenoffice.org
3.3
libwpdlibwpd
0.8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libwpd
bookworm
0.10.3-2
fixed
bullseye
0.10.3-1
fixed
sid
0.10.3-2
fixed
trixie
0.10.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libreoffice
hardy
dne
lucid
dne
natty
ignored
oneiric
ignored
precise
ignored
libwpd
hardy
ignored
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
openoffice.org
hardy
ignored
lucid
ignored
natty
not-affected
oneiric
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html
http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html
http://rhn.redhat.com/errata/RHSA-2012-1043.html
http://secunia.com/advisories/46992
http://secunia.com/advisories/60799
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.openoffice.org/security/cves/CVE-2012-2149.html
http://www.securityfocus.com/bid/53570
http://www.securitytracker.com/id?1027069
https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt
http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html
http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html
http://rhn.redhat.com/errata/RHSA-2012-1043.html
http://secunia.com/advisories/46992
http://secunia.com/advisories/60799
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.openoffice.org/security/cves/CVE-2012-2149.html
http://www.securityfocus.com/bid/53570
http://www.securitytracker.com/id?1027069
https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt