Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Fix buffer overflow in MS Word ODF filter among other non-security related bugs.

Also a version update to 2.4.3 happened :

  - Words :

  - Always show vertical scroll bar to avoid race condition     (kde#301076)

  - Do not save with an attribue that makes LibreOffice and     OpenOffice crash (kde#298689 )

  - Kexi :

  - Fixed import from csv when &ldquo;Start at Line&rdquo;
    value changed (kde#302209)

  - Set limit to 255 characters for Text type (VARCHAR)     (kde#301277 and 301136)

  + - Remove limits for Text data type, leave as option     (kde#301277)

  - Fixed data saving when focus policy for one of widgets     is NoFocus (kde#301109)

  - Krita :

  - Read and set the resolution for psd images

  - Charts :

  - Fix load/save styles of all shapes     (title,subtitle,axistitles,footer,etc.)

  - Lines in the chart should be displayed (kde#271771)

  - Combined Bar and Line Charts only show bars (Trendlines     not supported) (kde#288537)

  - Load/save chart type for each dataset (kde#271771 and     288537)

The remote host is affected by the vulnerability described in GLSA-201209-10 (Calligra: User-assisted execution of arbitrary code)

    An error in the read() function in styles.cpp could cause a heap-based       buffer overflow.
  Impact :

    A remote attacker could entice a user to open a specially crafted ODF       file, possibly resulting in execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

KDE Security Advisory reports :

A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf.

New stable release, which includes security fix for msword-odf import filter.

See also: http://www.calligra.org/news/calligra-2-5-released/

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that Calligra incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
74724	openSUSE Security Update : calligra (openSUSE-SU-2012:1061-1)	Nessus	SuSE Local Security Checks	high
62300	GLSA-201209-10 : Calligra: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
61677	FreeBSD : Calligra, KOffice -- input validation failure (aa4d3d73-ef17-11e1-b593-00269ef07d24)	Nessus	FreeBSD Local Security Checks	high
61613	Fedora 17 : calligra-2.5.0-2.fc17 / calligra-l10n-2.5.0-2.fc17 (2012-11566)	Nessus	Fedora Local Security Checks	high
61483	Ubuntu 12.04 LTS : calligra vulnerability (USN-1525-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2012-3456

high

Tenable Plugins

high

high

high

high

high