CVE-2012-1149

EPSS 1.2%

openoffice.org - buffer overflow

Published: 6/21/2012Modified: 4/28/2026

Description

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Affected packages (3)

Debian/libreofficefrom 0, < 1:3.4.5-1
Debian/openoffice.orgfrom 0, < 1:3.2.1-11+squeeze5
Debian/openoffice.orgfrom 0, < 1:3.2.1-11+squeeze6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-1149