CVE-2012-1149

Severity

75%

Complexity

99%

Confidentiality

106%

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 12 years ago

2012-06-21 15:55:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

LibreOffice LibreOffice

Debian GNU/Linux 6.0

6.0

Debian Linux 7.0

7.0

Red Hat Enterprise Linux 5.0

5.0

Red Hat Desktop 5.0

5.0

Red Hat Enterprise Linux Desktop 6.0

6.0

Red Hat Enterprise Linux Server 6.0

6.0

Red Hat Enterprise Linux Workstation 6.0

6.0

Apache Software Foundation OpenOffice.org 3.3.0

3.3.0

Apache Software Foundation OpenOffice.org 3.4 Beta

3.4

Fedora 15

15

Fedora 16

16

References

20120516 CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object

Broken Link

46992

47244

49140

49373

49392

Vendor Advisory

50692

60799

GLSA-201209-05

Third Party Advisory

1027068

Patch, Third Party Advisory, VDB Entry

DSA-2473

Third Party Advisory

DSA-2487

Third Party Advisory

GLSA-201408-19

Third Party Advisory

http://www.libreoffice.org/advisories/cve-2012-1149/

Vendor Advisory

MDVSA-2012:090

Broken Link

MDVSA-2012:091

Broken Link

http://www.openoffice.org/security/cves/CVE-2012-1149.html

Third Party Advisory

81988

Broken Link

53570

Third Party Advisory, VDB Entry

openoffice-vclmi-bo(75692)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2012-1149

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 12 years ago

Last updated 7 years ago

Affected Software

LibreOffice LibreOffice

Debian GNU/Linux 6.0

Debian Linux 7.0

Red Hat Enterprise Linux 5.0

Red Hat Desktop 5.0

Red Hat Enterprise Linux Desktop 6.0

Red Hat Enterprise Linux Server 6.0

Red Hat Enterprise Linux Workstation 6.0

Apache Software Foundation OpenOffice.org 3.3.0

Apache Software Foundation OpenOffice.org 3.4 Beta

Fedora 15

Fedora 16

References

20120516 CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object

FEDORA-2012-8114

FEDORA-2012-8042

RHSA-2012:0705

46992

47244

49140

49373

49392

50692

60799

GLSA-201209-05

1027068

DSA-2473

DSA-2487

GLSA-201408-19

http://www.libreoffice.org/advisories/cve-2012-1149/

MDVSA-2012:090

MDVSA-2012:091

http://www.openoffice.org/security/cves/CVE-2012-1149.html

81988

53570

openoffice-vclmi-bo(75692)

Stay updated

Get in touch