CVE-2012-2149

Description

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.

How to fix CVE-2012-2149

To remediate CVE-2012-2149, upgrade the affected package to a fixed version below.

• Debian/libwpd—upgrade to 0.8.14-1 or later

Is CVE-2012-2149 being exploited?

Moderate — EPSS is 7.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.8.14-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-2149