Title: CVE-2012-1149 Integer overflows in graphic object loading

Announced: May 16 2012

Fixed in: LibreOffice 3.5.3


An integer overflow vulnerability in LibreOffice graphic loading code could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code on vulnerable installations of LibreOffice.

Thanks to Tielei Wang via Secunia SVCRP for reporting this flaw. Users are recommended to upgrade to 3.5.3 to avoid this flaw