Vulnerability Description
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libreoffice | Libreoffice | <= 3.5.2 |
| Debian | Debian Linux | 6.0 |
| Redhat | Enterprise Linux | 5.0 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 6.2 |
| Redhat | Enterprise Linux Server Eus | 6.2.z |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Apache | Openoffice.Org | 3.3.0 |
| Fedoraproject | Fedora | 15 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.htmlBroken Link
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.htmlThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-0705.htmlThird Party Advisory
- http://secunia.com/advisories/46992
- http://secunia.com/advisories/47244
- http://secunia.com/advisories/49140
- http://secunia.com/advisories/49373
- http://secunia.com/advisories/49392Vendor Advisory
- http://secunia.com/advisories/50692
- http://secunia.com/advisories/60799
- http://security.gentoo.org/glsa/glsa-201209-05.xmlThird Party Advisory
- http://securitytracker.com/id?1027068PatchThird Party AdvisoryVDB Entry
- http://www.debian.org/security/2012/dsa-2473Third Party Advisory
- http://www.debian.org/security/2012/dsa-2487Third Party Advisory
FAQ
What is CVE-2012-1149?
CVE-2012-1149 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application cr...
How severe is CVE-2012-1149?
CVE-2012-1149 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1149?
Check the references section above for vendor advisories and patch information. Affected products include: Libreoffice Libreoffice, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.