CVE-2012-1149

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 3.5.3 OpenOffice.org versions 3.3, 3.4 Beta, and possibly earlier

Description The issue is related to errors in number processing in the vclmi.dll component of the OpenOffice.org module in LibreOffice. Exploitation of this issue may allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity through a specially crafted DOC file using a JPEG image. This can trigger a heap-based buffer overflow, potentially allowing the execution of arbitrary code.

Recommendations For LibreOffice versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue. For OpenOffice.org versions 3.3 and 3.4 Beta, consider disabling the use of embedded image objects, such as JPEG images in DOC files, until a patch is available. As a temporary workaround, restrict the opening of DOC files with embedded JPEG images to minimize the risk of exploitation.