LibreOffice < 3.5.3 Multiple Memory Corruption Vulnerabilities

High Nessus Plugin ID 59180


The remote host contains an application affected by multiple memory corruption vulnerabilities.


A version of LibreOffice prior to 3.5.3 is installed on the remote Windows host. It is, therefore, reportedly affected by multiple memory corruption vulnerabilities :

- An integer overflow vulnerability exists in the graphics object loading code that could allow a remote attacker to execute arbitrary code or cause an application crash. (CVE-2012-1149)

- A denial of service vulnerability exists in the PowerPoint presentation import code. (CVE-2012-2334)

- A memory corruption vulnerability in the code for handling .RTF files.


Upgrade to LibreOffice version 3.5.3 or greater.

See Also

Plugin Details

Severity: High

ID: 59180

File Name: libreoffice_353.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2012/05/17

Modified: 2013/07/12

Dependencies: 55573

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: SMB/LibreOffice/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/05/02

Vulnerability Publication Date: 2012/04/16

Reference Information

CVE: CVE-2012-1149, CVE-2012-2334

BID: 53142, 53570

OSVDB: 81202, 81988, 82517

EDB-ID: 18754