cbcvebase.
CVE-2012-3456
published 2012-08-20

CVE-2012-3456: Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier…

PriorityP354high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
20.07%
97.1th percentile
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Affected

22 ranges
VendorProductVersion rangeFixed in
calligracalligra<= 2.4.3
calligracalligra
calligracalligra
calligracalligra
calligracalligra>= 0 < 1:2.4.3-21:2.4.3-2
calligracalligra>= 0 < 1:2.4.3-21:2.4.3-2
calligracalligra>= 0 < 1:2.4.3-21:2.4.3-2
calligracalligra>= 0 < 1:2.4.3-21:2.4.3-2
debiancalligra< calligra 1:2.4.3-2 (bookworm)calligra 1:2.4.3-2 (bookworm)
kdekoffice<= 2.3.3
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice
kdekoffice

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.