CVE-2012-1149: Buffer Overflow
First published: Thu Jun 21 2012(Updated: )
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| The Document Foundation LibreOffice | <=3.5.2 | |
| Debian GNU/Linux | =6.0 | |
| Debian GNU/Linux | =7.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| redhat enterprise Linux desktop | =5.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =6.2 | |
| redhat enterprise Linux server eus | =6.2.z | |
| redhat enterprise Linux workstation | =6.0 | |
| apache openoffice.org | =3.3.0 | |
| apache openoffice.org | =3.4-beta | |
| Fedoraproject Fedora | =15 | |
| Fedoraproject Fedora | =16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html
- http://rhn.redhat.com/errata/RHSA-2012-0705.html
- http://secunia.com/advisories/46992
- http://secunia.com/advisories/47244
- http://secunia.com/advisories/49140
- http://secunia.com/advisories/49373
- http://secunia.com/advisories/49392
- http://secunia.com/advisories/50692
- http://secunia.com/advisories/60799
- http://security.gentoo.org/glsa/glsa-201209-05.xml
- http://securitytracker.com/id?1027068
- http://www.debian.org/security/2012/dsa-2473
- http://www.debian.org/security/2012/dsa-2487
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.libreoffice.org/advisories/cve-2012-1149/
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:090
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:091
- http://www.openoffice.org/security/cves/CVE-2012-1149.html
- http://www.osvdb.org/81988
- http://www.securityfocus.com/bid/53570
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75692
Frequently Asked Questions
What is the severity of CVE-2012-1149?
CVE-2012-1149 is classified as a high severity vulnerability due to its potential to cause application crashes and arbitrary code execution.
How do I fix CVE-2012-1149?
To fix CVE-2012-1149, update OpenOffice.org to version 3.4.1 or later and LibreOffice to version 3.5.3 or later.
Which versions of software are affected by CVE-2012-1149?
CVE-2012-1149 affects OpenOffice.org versions 3.3, 3.4 Beta, and earlier, as well as LibreOffice versions prior to 3.5.3.
What impact does CVE-2012-1149 have on systems?
CVE-2012-1149 can lead to a denial of service, causing application crashes, and could potentially allow remote attackers to execute arbitrary code.
Is there a patched version for CVE-2012-1149?
Yes, patched versions for CVE-2012-1149 are available in OpenOffice.org 3.4.1 and LibreOffice 3.5.3 or later.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/libreoffice
- canonical/the document foundation libreoffice
- version/the document foundation libreoffice/3.5.2
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/6.0
- version/debian gnu/linux/7.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.2
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/6.2.z
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/apache
- canonical/apache openoffice.org
- version/apache openoffice.org/3.3.0
- version/apache openoffice.org/3.4-beta
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/15
- version/fedoraproject fedora/16