// For flags

CVE-2012-1149

libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Un desbordamiento de entero en el módulo de vclmi.dll en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente en versiones anteriores, y LibreOffice antes de v3.5.3, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un objeto de imagen especificamente modificado para este fin incrustado en el documento, tal y como lo demuestra una imagen JPEG en un archivo .DOC, que provoca un desbordamiento de búfer basado en memoria dinámica (heap).

A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-02-14 CVE Reserved
  • 2012-05-16 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-189: Numeric Errors
CAPEC
References (25)
URL Tag Source
http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html Broken Link
http://secunia.com/advisories/46992 Third Party Advisory
http://secunia.com/advisories/47244 Third Party Advisory
http://secunia.com/advisories/49140 Third Party Advisory
http://secunia.com/advisories/49373 Third Party Advisory
http://secunia.com/advisories/50692 Third Party Advisory
http://secunia.com/advisories/60799 Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2012-1149.html Third Party Advisory
http://www.osvdb.org/81988 Broken Link
http://www.securityfocus.com/bid/53570 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/75692 Vdb Entry
URL Date SRC
URL Date SRC
http://securitytracker.com/id?1027068 2023-02-13
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html 2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-0705.html 2023-02-13
http://secunia.com/advisories/49392 2023-02-13
http://security.gentoo.org/glsa/glsa-201209-05.xml 2023-02-13
http://www.debian.org/security/2012/dsa-2473 2023-02-13
http://www.debian.org/security/2012/dsa-2487 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml 2023-02-13
http://www.libreoffice.org/advisories/cve-2012-1149 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2012:090 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091 2023-02-13
https://access.redhat.com/security/cve/CVE-2012-1149 2012-06-04
https://bugzilla.redhat.com/show_bug.cgi?id=821726 2012-06-04
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libreoffice
Search vendor "Libreoffice"
 Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
 <= 3.5.2
Search vendor "Libreoffice" for product "Libreoffice" and version " <= 3.5.2"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 6.0
Search vendor "Debian" for product "Debian Linux" and version "6.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 5.0
Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 5.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 6.2
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 6.2.z
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.2.z"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"
-
Affected
Apache
Search vendor "Apache"
 Openoffice.org
Search vendor "Apache" for product "Openoffice.org"
 3.3.0
Search vendor "Apache" for product "Openoffice.org" and version "3.3.0"
-
Affected
Apache
Search vendor "Apache"
 Openoffice.org
Search vendor "Apache" for product "Openoffice.org"
 3.4
Search vendor "Apache" for product "Openoffice.org" and version "3.4"
beta
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 15
Search vendor "Fedoraproject" for product "Fedora" and version "15"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 16
Search vendor "Fedoraproject" for product "Fedora" and version "16"
-
Affected