7.5

CVE-2012-1149

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibreofficeLibreoffice Version <= 3.5.2
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
RedhatEnterprise Linux Version5.0
ApacheOpenoffice.Org Version3.3.0
ApacheOpenoffice.Org Version3.4 Updatebeta
FedoraprojectFedora Version15
FedoraprojectFedora Version16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.73% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/60799
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
Third Party Advisory
http://secunia.com/advisories/50692
http://security.gentoo.org/glsa/glsa-201209-05.xml
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0705.html
Third Party Advisory
http://secunia.com/advisories/46992
http://secunia.com/advisories/47244
http://secunia.com/advisories/49373
http://secunia.com/advisories/49392
Vendor Advisory
http://www.debian.org/security/2012/dsa-2487
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:090
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091
Broken Link
http://www.securityfocus.com/bid/53570
Third Party Advisory
VDB Entry
http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html
Third Party Advisory
http://secunia.com/advisories/49140
http://securitytracker.com/id?1027068
Patch
Third Party Advisory
VDB Entry
http://www.debian.org/security/2012/dsa-2473
Third Party Advisory
http://www.libreoffice.org/advisories/cve-2012-1149/
Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2012-1149.html
Third Party Advisory
http://www.osvdb.org/81988
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/75692