CVE-2012-3455

Published Aug 20, 2012

Last updated a year ago

CVSS info 7.5

Overview

Description: Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kde:koffice:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23BD6648-1429-46D3-8832-EAF6078F3A89",
            "versionEndIncluding": "2.3.3"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADDFDF11-A965-48B0-AC5A-1AB34A8FE93B"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88CD4B3-FC36-4009-AF40-E5930167B62A"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "053435DD-BFDF-4C39-9919-11C42D569085"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "022B3A2E-BB9E-4A57-8E34-32BCA5A72CA0"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4961F911-B185-440D-9977-FDA238BB1EC4"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A15C155C-4CDB-43CD-86F3-F969B6CBADF9"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9BB1A3C-3348-4545-A513-E504B33F72AB"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD45E2C8-0B0E-484F-8050-94BF77798183"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EAA654E-9DD4-4614-92D7-EF4D676B3A18"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99E505C5-C809-425F-AF68-A8D79330DE83"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "267A2353-C2B9-4D7F-9290-9E3AC1B8C8D5"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37C08E0A-651F-458B-BCEC-A30DCD527E47"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6000D6AF-C056-4BC0-A54C-72E23E52AB92"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7D036E4-FA49-417D-968B-9D73B16A09BA"
          },
          {
            "criteria": "cpe:2.3:a:kde:koffice:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C69061C5-F7AF-4F1B-B6B1-3F76CF61F8AE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References