CVE-2012-3456
Published 2012-08-20
Priority: P3 · 54 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 20.07% (97.1th percentile)
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calligra | calligra | <= 2.4.3 | — |
| calligra | calligra | — | — |
| calligra | calligra | — | — |
| calligra | calligra | — | — |
| calligra | calligra | >= 0 < 1:2.4.3-2 | 1:2.4.3-2 |
| calligra | calligra | >= 0 < 1:2.4.3-2 | 1:2.4.3-2 |
| calligra | calligra | >= 0 < 1:2.4.3-2 | 1:2.4.3-2 |
| calligra | calligra | >= 0 < 1:2.4.3-2 | 1:2.4.3-2 |
| debian | calligra | < calligra 1:2.4.3-2 (bookworm) | calligra 1:2.4.3-2 (bookworm) |
| kde | koffice | <= 2.3.3 | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
| kde | koffice | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
GHSA
GHSA-23cj-9wgg-g8w7: Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2012-3455 [HIGH] CWE-119
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
GHSA
GHSA-gmv4-h63m-hqgg: Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2012-3456 [HIGH] CWE-119
OSV
CVE-2012-3456: Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles
osv·2012-08-20·CVSS 7.5
CVE-2012-3456 [HIGH]
Ubuntu
Calligra vulnerability
vendor_ubuntu·2012-08-09
CVE-2012-3456
Summary: Calligra could be made to crash or run programs as your login if it opened a specially crafted file.
It was discovered that Calligra incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
Instructions: After a standard system update you need to restart Calligra to make all the necessary changes.
Debian
CVE-2012-3456: calligra - Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/...
vendor_debian·2012·CVSS 7.5
CVE-2012-3456 [HIGH]
Scope: local
bookworm: resolved (fixed in 1:2.4.3-2)
bullseye: resolved (fixed in 1:2.4.3-2)
forky: resolved (fixed in 1:2.4.3-2)
sid: resolved (fixed in 1:2.4.3-2)
trixie: resolved (fixed in 1:2.4.3-2)
No detection rules found.
Bugzilla
CVE-2012-3456 Calligra: DOC file rendering buffer overflow [fedora-17]
bugzilla·2012-08-06·CVSS 7.5
CVE-2012-3456 [HIGH]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the bug IDs of this bug's parent bugs filed against the "Security Response" product (the top-level CVE bugs). Please mention the CVE IDs being fixed in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs
Bugzilla
CVE-2012-3456 Calligra: DOC file rendering buffer overflow
bugzilla·2012-08-06·CVSS 7.5
CVE-2012-3456 [HIGH]
Charlie Miller reported a 0day flaw in the Nokia N9 which uses the KOffice libraries which in turn have been forked to create the Calligra product.
Please see pages 39 and 40 of his slides available at:
http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
Discussion:
Created calligra tracking bugs for this issue
Affects: fedora-17 [bug 846096]
---
Created attachment 602669
CVE-2012-3456 calligra buffer overflow patch
---
KDE security advisory:
http://www.kde.org/info/security/advisory-20120810-1.txt
---
calligra-l10n-2.5.0-2.fc17, calligra-2.5.0-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
---
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00026.html
http://marc.info/?l=bugtraq&m=136733075705494&w=2
http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
http://secunia.com/advisories/50050
http://www.kde.org/info/security/advisory-20120810-1.txt
http://www.openwall.com/lists/oss-security/2012/08/04/1
http://www.openwall.com/lists/oss-security/2012/08/04/5
http://www.openwall.com/lists/oss-security/2012/08/06/1
http://www.openwall.com/lists/oss-security/2012/08/06/6
http://www.openwall.com/lists/oss-security/2012/08/10/1
http://www.securityfocus.com/bid/54816
http://www.ubuntu.com/usn/USN-1525-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/77482