CVE-2012-3455

EUVD-2012-3416

20.08.2012, 19:55

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document.  NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Affected Products (NVD)

Vendor	Product	Version
kde	koffice	𝑥 ≤ 2.3.3
kde	koffice	1.2
kde	koffice	1.2.1
kde	koffice	1.3
kde	koffice	1.3:beta1
kde	koffice	1.3:beta2
kde	koffice	1.3:beta3
kde	koffice	1.3.1
kde	koffice	1.3.2
kde	koffice	1.3.3
kde	koffice	1.3.4
kde	koffice	1.3.5
kde	koffice	1.4
kde	koffice	1.4.1
kde	koffice	1.4.2
kde	koffice	1.6.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

koffice

hardy	ignored
lucid	ignored
natty	Fixed 1:2.3.3-0ubuntu4.1 released
oneiric	Fixed 1:2.3.3-0ubuntu6.1 released
precise	dne
quantal	dne
raring	dne
saucy	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

wv2

hardy	ignored
lucid	ignored
natty	ignored
oneiric	ignored
precise	ignored
quantal	not-affected
raring	not-affected
saucy	not-affected
trusty	dne
utopic	not-affected
vivid	not-affected
wily	dne
xenial	dne
yakkety	dne
zesty	dne