CVE-2012-1149

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Published: Jun 21, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1149
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
libreoffice / libreoffice	-	3.5.2.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x
redhat / enterprise_linux_server_aus	6.2	6.2.x
redhat / enterprise_linux_server_eus	6.2.z	6.2.z.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux	5.0	5.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
apache / openoffice.org	3.4-beta	3.4-beta.x
apache / openoffice.org	3.3.0	3.3.0.x
fedoraproject / fedora	16	16.x
fedoraproject / fedora	15	15.x

Vulnerability Database

289,599

CVE-2012-1149