CVE-2012-1149

Published: 21 June 2012

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Priority

Status

Package	Release	Status
libreoffice Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Released (1:3.3.4-0ubuntu1.2)
	oneiric	Released (1:3.4.4-0ubuntu1.2)
	precise	Not vulnerable (1:3.5.3-0ubuntu1)
	upstream	Released (3.5.3)
	Patches: upstream: http://cgit.freedesktop.org/libreoffice/core/commit/?id=fe40da4cb640819d869d1c925869bc87ede9bbfe upstream: http://cgit.freedesktop.org/libreoffice/core/commit/?id=88e0fa4aa3bea9ffeee372b6a428ca62cee41203 upstream: http://cgit.freedesktop.org/libreoffice/core/commit/?id=9ff94ae0fa947c5fd6a31fbc38421f60eb5e1fba other: https://launchpad.net/~bjoern-michaelsen/+archive/libreoffice-oneirictest-20110718/+sourcepub/2469456/+listing-archive-extra
openoffice.org Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (1:3.2.0-7ubuntu4.3)
	natty	Not vulnerable (transitional packages)
	oneiric	Not vulnerable (transitional packages)
	precise	Not vulnerable (transitional packages)
	upstream	Needs triage
	Patches: vendor: http://www.debian.org/security/2012/dsa-2473 vendor: http://www.debian.org/security/2012/dsa-2487

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=821726

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›