Lucene search

RedhatCVE-2012-3455

HistoryAug 20, 2012 - 7:55 p.m.

CVE-2012-3455

2012-08-2019:55:05

CWE-119

redhat

web.nvd.nist.gov

cve-2012-3455

heap-based buffer overflow

microsoft

koffice 2.3.3

denial of service

arbitrary code

odf document

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.736

Percentile

98.2%

JSON

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Affected configurations

Nvd

Node

kdekofficeRange≤2.3.3

kdekofficeMatch1.2

kdekofficeMatch1.2.1

kdekofficeMatch1.3

kdekofficeMatch1.3beta1

kdekofficeMatch1.3beta2

kdekofficeMatch1.3beta3

kdekofficeMatch1.3.1

kdekofficeMatch1.3.2

kdekofficeMatch1.3.3

kdekofficeMatch1.3.4

kdekofficeMatch1.3.5

kdekofficeMatch1.4

kdekofficeMatch1.4.1

kdekofficeMatch1.4.2

kdekofficeMatch1.6.1

VendorProductVersionCPE
kdekoffice*cpe:2.3:a:kde:koffice:*:*:*:*:*:*:*:*
kdekoffice1.2cpe:2.3:a:kde:koffice:1.2:*:*:*:*:*:*:*
kdekoffice1.2.1cpe:2.3:a:kde:koffice:1.2.1:*:*:*:*:*:*:*
kdekoffice1.3cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*
kdekoffice1.3cpe:2.3:a:kde:koffice:1.3:beta1:*:*:*:*:*:*
kdekoffice1.3cpe:2.3:a:kde:koffice:1.3:beta2:*:*:*:*:*:*
kdekoffice1.3cpe:2.3:a:kde:koffice:1.3:beta3:*:*:*:*:*:*
kdekoffice1.3.1cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*
kdekoffice1.3.2cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*
kdekoffice1.3.3cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kde	koffice	*	cpe:2.3:a:kde:koffice::::::::
kde	koffice	1.2	cpe:2.3:a:kde:koffice:1.2:::::::*
kde	koffice	1.2.1	cpe:2.3:a:kde:koffice:1.2.1:::::::*
kde	koffice	1.3	cpe:2.3:a:kde:koffice:1.3:::::::*
kde	koffice	1.3	cpe:2.3:a:kde:koffice:1.3:beta1::::::
kde	koffice	1.3	cpe:2.3:a:kde:koffice:1.3:beta2::::::
kde	koffice	1.3	cpe:2.3:a:kde:koffice:1.3:beta3::::::
kde	koffice	1.3.1	cpe:2.3:a:kde:koffice:1.3.1:::::::*
kde	koffice	1.3.2	cpe:2.3:a:kde:koffice:1.3.2:::::::*
kde	koffice	1.3.3	cpe:2.3:a:kde:koffice:1.3.3:::::::*