CVE-2012-3456

Published Aug 20, 2012

Last updated a year ago

CVSS info 7.5

Overview

Description: Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:calligra:calligra:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3909F4A0-3FC4-4640-BCCF-201D66D3BF98",
            "versionEndIncluding": "2.4.3"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AA6D16D-E003-4E9B-8E1F-E2805EFF4297"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "449711D4-5FC0-4701-81ED-A527E5416BEC"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AAC65A7-ED2B-48EC-9A19-6D3058E4252C"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CF3793D-3698-4003-B1EA-28DC038E0C1D"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B02ADDD0-60EE-4123-AF85-C17C878E3AA2"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F891F8A7-282A-4D6F-A490-FA24F8EAF5D6"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B538295-C391-45E1-84F9-19DFC6798894"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B7517B-69DC-4A69-BC1E-B4F6FAC6C5BE"
          },
          {
            "criteria": "cpe:2.3:a:calligra:calligra:2.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ECE04D2-C0A0-47B0-BE2A-15F7E9789500"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References