CVE-2012-2149

CWE-1897 documents7 sources
Severity
7.5HIGH
EPSS
7.9%
top 7.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apache Openoffice.orgLibwpd LibwpdRedhat Enterprise Linux Desktop
Timeline
PublishedJun 21
Latest updateMay 17

Description

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

Debianlibwpd< 0.8.14-1+3
NVDlibwpd/libwpd0.8.8

🔴Vulnerability Details

3
GHSA
GHSA-q242-fx58-pm2p: The WPXContentListener::_closeTableRow function in WPXContentListener2022-05-17
CVEList
CVE-2012-2149: The WPXContentListener::_closeTableRow function in WPXContentListener2012-06-21
OSV
CVE-2012-2149: The WPXContentListener::_closeTableRow function in WPXContentListener2012-06-21

📋Vendor Advisories

2
Red Hat
libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents2012-05-16
Debian
CVE-2012-2149: libwpd - The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in lib...2012

💬Community

1
Bugzilla
CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents2012-05-16
CVE-2012-2149 (HIGH CVSS 7.5) | The WPXContentListener::_closeTable | cvebase.io