Lucene search

[email protected]CVE-2012-1149

HistoryJun 21, 2012 - 3:55 p.m.

CVE-2012-1149

2012-06-2115:55:11

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-1149

integer overflow

vclmi.dll

openoffice.org

libreoffice

denial of service

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

libreofficelibreofficeRange≤3.5.2

Node

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

Node

redhatenterprise_linuxMatch5.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.2

redhatenterprise_linux_server_eusMatch6.2.z

redhatenterprise_linux_workstationMatch6.0

Node

apacheopenoffice.orgMatch3.3.0

apacheopenoffice.orgMatch3.4beta

Node

fedoraprojectfedoraMatch15

fedoraprojectfedoraMatch16

CPENameOperatorVersion
libreoffice:libreofficelibreofficele3.5.2

CPE	Name	Operator	Version
libreoffice:libreoffice	libreoffice	le	3.5.2

References

archives.neohapsis.com/archives/bugtraq/2012-05/0089.html

lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html

rhn.redhat.com/errata/RHSA-2012-0705.html

secunia.com/advisories/46992

secunia.com/advisories/47244

secunia.com/advisories/49140

secunia.com/advisories/49373

secunia.com/advisories/49392

secunia.com/advisories/50692

secunia.com/advisories/60799

security.gentoo.org/glsa/glsa-201209-05.xml

securitytracker.com/id?1027068

www.debian.org/security/2012/dsa-2473

www.debian.org/security/2012/dsa-2487

www.gentoo.org/security/en/glsa/glsa-201408-19.xml

www.libreoffice.org/advisories/cve-2012-1149/

www.mandriva.com/security/advisories?name=MDVSA-2012:090

www.mandriva.com/security/advisories?name=MDVSA-2012:091

www.openoffice.org/security/cves/CVE-2012-1149.html

www.osvdb.org/81988

www.securityfocus.com/bid/53570

exchange.xforce.ibmcloud.com/vulnerabilities/75692

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2012-1149

nessus18 fedora3 ubuntucve1 nvd1 openvas32 debiancve1 debian5 cvelist1 prion1 securityvulns2 oraclelinux1 centos1 redhat1 ubuntu2 osv1 gentoo2