CVE-2012-1149

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0705.html Third Party Advisory
http://secunia.com/advisories/46992
http://secunia.com/advisories/47244
http://secunia.com/advisories/49140
http://secunia.com/advisories/49373
http://secunia.com/advisories/49392 Vendor Advisory
http://secunia.com/advisories/50692
http://secunia.com/advisories/60799
http://security.gentoo.org/glsa/glsa-201209-05.xml Third Party Advisory
http://securitytracker.com/id?1027068 Patch Third Party Advisory VDB Entry
http://www.debian.org/security/2012/dsa-2473 Third Party Advisory
http://www.debian.org/security/2012/dsa-2487 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.libreoffice.org/advisories/cve-2012-1149/ Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:090 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091 Broken Link
http://www.openoffice.org/security/cves/CVE-2012-1149.html Third Party Advisory
http://www.osvdb.org/81988 Broken Link
http://www.securityfocus.com/bid/53570 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75692
http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0705.html Third Party Advisory
http://secunia.com/advisories/46992
http://secunia.com/advisories/47244
http://secunia.com/advisories/49140
http://secunia.com/advisories/49373
http://secunia.com/advisories/49392 Vendor Advisory
http://secunia.com/advisories/50692
http://secunia.com/advisories/60799
http://security.gentoo.org/glsa/glsa-201209-05.xml Third Party Advisory
http://securitytracker.com/id?1027068 Patch Third Party Advisory VDB Entry
http://www.debian.org/security/2012/dsa-2473 Third Party Advisory
http://www.debian.org/security/2012/dsa-2487 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.libreoffice.org/advisories/cve-2012-1149/ Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:090 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091 Broken Link
http://www.openoffice.org/security/cves/CVE-2012-1149.html Third Party Advisory
http://www.osvdb.org/81988 Broken Link
http://www.securityfocus.com/bid/53570 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75692
Configurations

Configuration 1 (hide)

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:apache:openoffice.org:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openoffice.org:3.4:beta:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*

History

21 Nov 2024, 01:36

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html - Broken Link () http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html - Broken Link
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-0705.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2012-0705.html - Third Party Advisory
References () http://secunia.com/advisories/46992 - () http://secunia.com/advisories/46992 -
References () http://secunia.com/advisories/47244 - () http://secunia.com/advisories/47244 -
References () http://secunia.com/advisories/49140 - () http://secunia.com/advisories/49140 -
References () http://secunia.com/advisories/49373 - () http://secunia.com/advisories/49373 -
References () http://secunia.com/advisories/49392 - Vendor Advisory () http://secunia.com/advisories/49392 - Vendor Advisory
References () http://secunia.com/advisories/50692 - () http://secunia.com/advisories/50692 -
References () http://secunia.com/advisories/60799 - () http://secunia.com/advisories/60799 -
References () http://security.gentoo.org/glsa/glsa-201209-05.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-201209-05.xml - Third Party Advisory
References () http://securitytracker.com/id?1027068 - Patch, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1027068 - Patch, Third Party Advisory, VDB Entry
References () http://www.debian.org/security/2012/dsa-2473 - Third Party Advisory () http://www.debian.org/security/2012/dsa-2473 - Third Party Advisory
References () http://www.debian.org/security/2012/dsa-2487 - Third Party Advisory () http://www.debian.org/security/2012/dsa-2487 - Third Party Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory
References () http://www.libreoffice.org/advisories/cve-2012-1149/ - Vendor Advisory () http://www.libreoffice.org/advisories/cve-2012-1149/ - Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:090 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2012:090 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:091 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2012:091 - Broken Link
References () http://www.openoffice.org/security/cves/CVE-2012-1149.html - Third Party Advisory () http://www.openoffice.org/security/cves/CVE-2012-1149.html - Third Party Advisory
References () http://www.osvdb.org/81988 - Broken Link () http://www.osvdb.org/81988 - Broken Link
References () http://www.securityfocus.com/bid/53570 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/53570 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/75692 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/75692 -

Information

Published : 2012-06-21 15:55

Updated : 2024-11-21 01:36


NVD link : CVE-2012-1149

Mitre link : CVE-2012-1149

CVE.ORG link : CVE-2012-1149


JSON object : View

Products Affected

fedoraproject

  • fedora

debian

  • debian_linux

redhat

  • enterprise_linux_workstation
  • enterprise_linux_server_aus
  • enterprise_linux_server_eus
  • enterprise_linux_server
  • enterprise_linux
  • enterprise_linux_desktop

apache

  • openoffice.org

libreoffice

  • libreoffice
CWE
CWE-189

Numeric Errors