CVE-2012-2149 : The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in lib

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.

Published 2012-06-21 15:55:13

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2012-2149

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Optional Productivity Applications
cpe:2.3:a:redhat:enterprise_linux__optional_productivity_applications:*:*:*:*:*:*:*:*
Matching versions
Apache » Openoffice.org » Update Beta 1
Versions up to, including, (<=) 3.4
cpe:2.3:a:apache:openoffice.org:*:beta_1:*:*:*:*:*:*
Matching versions
Apache » Openoffice.org » Version: 3.3
cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:*
Matching versions
Libwpd » Libwpd » Version: 0.8.8
cpe:2.3:a:libwpd:libwpd:0.8.8:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-2149

EPSS FAQ

6.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-2149

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-2149

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2149

http://www.securityfocus.com/bid/53570

OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://secunia.com/advisories/46992

Sign in
Vendor Advisory

CVEs referencing this url
http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html

libwpd WPXContentListener::_closeTableRow() Memory Overwrite ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
http://www.openoffice.org/security/cves/CVE-2012-2149.html

CVE-2012-2149
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html
https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt

Page not found | SEC Consult
Exploit
http://rhn.redhat.com/errata/RHSA-2012-1043.html

RHSA-2012:1043 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://secunia.com/advisories/60799

Sign in
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id?1027069

OpenOffice.org WordPerfect Library Memory Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

OpenOffice, LibreOffice: Multiple vulnerabilities (GLSA 201408-19) — Gentoo security

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-2149

Products affected by CVE-2012-2149

Exploit prediction scoring system (EPSS) score for CVE-2012-2149

CVSS scores for CVE-2012-2149

CWE ids for CVE-2012-2149

References for CVE-2012-2149