Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2012-3456

Published: 20/08/2012 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Calligra

Vulnerability Summary

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and previous versions allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Vulnerable Product Search on Vulmon Subscribe to Product

calligra calligra 2.4.2

calligra calligra

calligra calligra 2.4

calligra calligra 2.4.1

Vendor Advisories

Debian CVElist Bug Report Logs: calligra: Buffer overflow
Debian Bug report logs - #684004 calligra: Buffer overflow Package: calligra; Maintainer for calligra is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Source for calligra is src:calligra (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 6 Aug 2012 08:33:01 UTC Severity: ...
Ubuntu Security Notice: calligra vulnerability
Calligra could be made to crash or run programs as your login if it opened a specially crafted file ...

Exploits

Exploit DB: Alligra Calligra - Heap Buffer Overflow
source: wwwsecurityfocuscom/bid/54816/info Calligra is prone to a remote buffer-overflow vulnerability An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application Failed exploit attempts will likely result in denial-of-service conditions Calligra 243 and KOffice 233 are ...

References

CWE-119http://www.openwall.com/lists/oss-security/2012/08/04/1http://www.openwall.com/lists/oss-security/2012/08/10/1http://www.securityfocus.com/bid/54816http://www.openwall.com/lists/oss-security/2012/08/06/1http://www.openwall.com/lists/oss-security/2012/08/04/5http://www.kde.org/info/security/advisory-20120810-1.txthttp://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdfhttp://secunia.com/advisories/50050http://www.openwall.com/lists/oss-security/2012/08/06/6http://www.ubuntu.com/usn/USN-1525-1http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00026.htmlhttp://marc.info/?l=bugtraq&m=136733075705494&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/77482https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684004https://usn.ubuntu.com/1525-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/37576/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook