CVE-2012-1149
Published 2012-06-21
high · 7.5 · CVSS 3.1
AV:N/AC:L/Au:N/C:P/I:P/A:P
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | openoffice.org | — | — |
| apache | openoffice.org | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libreoffice | < libreoffice 1:3.4.5-1 (bookworm) | libreoffice 1:3.4.5-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libreoffice | libreoffice | <= 3.5.2 | — |
| libreoffice | libreoffice | >= 0 < 1:3.4.5-1 | 1:3.4.5-1 |
| libreoffice | libreoffice | >= 0 < 1:3.4.5-1 | 1:3.4.5-1 |
| libreoffice | libreoffice | >= 0 < 1:3.4.5-1 | 1:3.4.5-1 |
| libreoffice | libreoffice | >= 0 < 1:3.4.5-1 | 1:3.4.5-1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
GHSA
GHSA-xqxg-hxfm-4q7f: Integer overflow in the vclmi
ghsa_unreviewed·2022-05-17
CVE-2012-1149 [HIGH] GHSA-xqxg-hxfm-4q7f: Integer overflow in the vclmi
OSV
CVE-2012-1149: Integer overflow in the vclmi
osv·2012-06-21·CVSS 7.5
CVE-2012-1149 [HIGH] CVE-2012-1149: Integer overflow in the vclmi
Ubuntu
OpenOffice.org vulnerabilities
vendor_ubuntu·2012-07-02·CVSS 9.3
CVE-2011-2685 [CRITICAL] OpenOffice.org vulnerabilities
Title: OpenOffice.org vulnerabilities
Summary: OpenOffice.org could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
A stack-based buffer overflow was discovered in the Lotus Word Pro import
filter in OpenOffice.org. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
(CVE-2011-2685)
Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash
if it opened a specially crafted Word document. (CVE-2011-2713)
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause OpenOffice.org to crash or possibly
execute arbitrary code with the privileges of the
Ubuntu
LibreOffice vulnerabilities
vendor_ubuntu·2012-07-02·CVSS 7.5
CVE-2012-1149 [HIGH] LibreOffice vulnerabilities
Title: LibreOffice vulnerabilities
Summary: LibreOffice could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause LibreOffice to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause LibreOffice to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)
Instructions: After
Red Hat
libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
vendor_redhat·2012-05-16·CVSS 7.5
CVE-2012-1149 [HIGH] CWE-190 libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
Debian
CVE-2012-1149: libreoffice - Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, ...
vendor_debian·2012·CVSS 7.5
CVE-2012-1149 [HIGH] CVE-2012-1149: libreoffice - Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, ...
Scope: local
bookworm: resolved (fixed in 1:3.4.5-1)
bullseye: resolved (fixed in 1:3.4.5-1)
forky: resolved (fixed in 1:3.4.5-1)
sid: resolved (fixed in 1:3.4.5-1)
trixie: resolved (fixed in 1:3.4.5-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-1149 openoffice.org, libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations [fedora-all]
bugzilla·2012-05-16·CVSS 7.5
CVE-2012-1149 [HIGH] CVE-2012-1149 openoffice.org, libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update
Bugzilla
CVE-2012-1149 openoffice.org, libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
bugzilla·2012-05-15·CVSS 7.5
CVE-2012-1149 [HIGH] CVE-2012-1149 openoffice.org, libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
Multiple integer overflows, leading to heap-based buffer overflows, were found in the way the JPEG, PNG and BMP image file reader implementations of the LibreOffice and OpenOffice.org application suites performed scanning / loading of JPEG, PNG and BMP image files. A remote attacker could provide a specially crafted JPEG, PNG or BMP image file which, once opened by a victim in an application from the LibreOffice or OpenOffice.org application suite, would lead to that application crashing or, potentially, arbitrary code execution with the privileges of the user running the application.
Upstream patches:
[1] http://cgit.freedesktop.org/libreoffice/core/commit/?i
References
http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html
http://rhn.redhat.com/errata/RHSA-2012-0705.html
http://secunia.com/advisories/46992
http://secunia.com/advisories/47244
http://secunia.com/advisories/49140
http://secunia.com/advisories/49373
http://secunia.com/advisories/49392
http://secunia.com/advisories/50692
http://secunia.com/advisories/60799
http://security.gentoo.org/glsa/glsa-201209-05.xml
http://securitytracker.com/id?1027068
http://www.debian.org/security/2012/dsa-2473
http://www.debian.org/security/2012/dsa-2487
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.libreoffice.org/advisories/cve-2012-1149/
http://www.mandriva.com/security/advisories?name=MDVSA-2012:090
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091
http://www.openoffice.org/security/cves/CVE-2012-1149.html
http://www.osvdb.org/81988
http://www.securityfocus.com/bid/53570
https://exchange.xforce.ibmcloud.com/vulnerabilities/75692
Published 2012-06-21