CVE-2012-2149
Published: 21 June 2012
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
libreoffice Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
upstream |
Needs triage
|
|
libwpd Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(0.8.14-1build1)
|
|
natty |
Not vulnerable
(0.9.0-2)
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
upstream |
Released
(0.8.14-1, 0.9.0-1)
|
|
Patches: upstream: http://libwpd.git.sourceforge.net/git/gitweb.cgi?p=libwpd/libwpd;a=commitdiff;h=abb8afbd9be6acbb1ed47933be2dc619e0f78975 upstream: http://libwpd.git.sourceforge.net/git/gitweb.cgi?p=libwpd/libwpd;a=commitdiff;h=a6509140e862f0c7bc99eb29701042ade19bc4b9 |
||
openoffice.org Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(transitional packages)
|
|
oneiric |
Not vulnerable
(transitional packages)
|
|
precise |
Not vulnerable
(transitional packages)
|
|
upstream |
Needs triage
|