Unrated severityNVD Advisory· Published Aug 20, 2012· Updated Apr 29, 2026

CVE-2012-3455

Description

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Affected products

KDE/Koffice16 versions
cpe:2.3:a:kde:koffice:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:kde:koffice:*:*:*:*:*:*:*:*range: <=2.3.3
- cpe:2.3:a:kde:koffice:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3:beta2:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3:beta3:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:koffice:1.6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000