CVE-2007-2834

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-09-18 21:17:00

Last updated 6 years ago

2018-10-16 16:45:00

Affected Software

Debian Debian Linux 3.1

3.1

Debian GNU/Linux 4.0

4.0

Fedora Core 6

6

References

http://bugs.gentoo.org/show_bug.cgi?id=192818

FEDORA-2007-2372

FEDORA-2007-700

20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities

SUSE-SA:2007:052

26816

Vendor Advisory

26817

Vendor Advisory

26839

Vendor Advisory

26844

Vendor Advisory

26855

Vendor Advisory

26861

Vendor Advisory

26891

Vendor Advisory

26903

Vendor Advisory

26912

Vendor Advisory

27077

Vendor Advisory

27087

Vendor Advisory

27370

Vendor Advisory

GLSA-200710-24

1018702

102994

200190

DSA-1375

Patch

MDKSA-2007:186

http://www.openoffice.org/security/cves/CVE-2007-2834.html

Patch

RHSA-2007:0848

Vendor Advisory

20070919 FLEA-2007-0056-1 openoffice.org

25690

Patch

USN-524-1

ADV-2007-3184

Vendor Advisory

ADV-2007-3262

Vendor Advisory

openoffice-tiff-bo(36656)

https://issues.rpath.com/browse/RPL-1740

oval:org.mitre.oval:def:9967

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.