CVE-2012-2149

Name of the Vulnerable Software and Affected Versions libwpd version 0.8.8 OpenOffice.org (OOo) versions prior to 3.4

Description The issue allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used in the WPXContentListener:: closeTableRow function. Some sources report this issue as an integer overflow.

Recommendations For libwpd version 0.8.8, consider updating to a version that fixes the issue in the WPXContentListener:: closeTableRow function. For OpenOffice.org (OOo) versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted Wordperfect .WPD documents until a patch is available.