|Description||Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|libreoffice (PTS)||jessie (security), jessie||1:4.3.3-2+deb8u11||fixed|
|stretch (security), stretch||1:5.2.7-1+deb9u4||fixed|
The information below is based on the following data on fixed versions.
Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice