PT-2012-3838 · Libreoffice+2 · Libwpd+3
Kestutis Gudinavicius
·
Published
2012-06-21
·
Updated
2023-02-13
·
CVE-2012-2149
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libwpd version 0.8.8
OpenOffice.org (OOo) versions prior to 3.4
Description
The issue allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used in the WPXContentListener:: closeTableRow function. Some sources report this issue as an integer overflow.
Recommendations
For libwpd version 0.8.8, consider updating to a version that fixes the issue in the WPXContentListener:: closeTableRow function.
For OpenOffice.org (OOo) versions prior to 3.4, update to version 3.4 or later to resolve the issue.
As a temporary workaround, consider restricting the use of crafted Wordperfect .WPD documents until a patch is available.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openoffice
Openoffice.Org
Red Hat
Libwpd