CVE-2012-1149: Buffer Overflow
First published: Thu Jun 21 2012(Updated: )
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libreoffice Libreoffice | <=3.5.2 | |
| Debian Debian Linux | =6.0 | |
| Debian Debian Linux | =7.0 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux Desktop | =5.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server Aus | =6.2 | |
| Redhat Enterprise Linux Server Eus | =6.2.z | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Apache Openoffice.org | =3.3.0 | |
| Apache Openoffice.org | =3.4-beta | |
| Fedoraproject Fedora | =15 | |
| Fedoraproject Fedora | =16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html
- http://rhn.redhat.com/errata/RHSA-2012-0705.html
- http://secunia.com/advisories/46992
- http://secunia.com/advisories/47244
- http://secunia.com/advisories/49140
- http://secunia.com/advisories/49373
- http://secunia.com/advisories/49392
- http://secunia.com/advisories/50692
- http://secunia.com/advisories/60799
- http://security.gentoo.org/glsa/glsa-201209-05.xml
- http://securitytracker.com/id?1027068
- http://www.debian.org/security/2012/dsa-2473
- http://www.debian.org/security/2012/dsa-2487
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.libreoffice.org/advisories/cve-2012-1149/
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:090
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:091
- http://www.openoffice.org/security/cves/CVE-2012-1149.html
- http://www.osvdb.org/81988
- http://www.securityfocus.com/bid/53570
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75692
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/libreoffice
- canonical/libreoffice libreoffice
- version/libreoffice libreoffice/3.5.2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/6.0
- version/debian debian linux/7.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.2
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/6.2.z
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/apache
- canonical/apache openoffice.org
- version/apache openoffice.org/3.3.0
- version/apache openoffice.org/3.4-beta
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/15
- version/fedoraproject fedora/16