CVE-2007-2834

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 18-09-2007 11:17

Last modified: - 07-02-2022 06:16

Total changes: - 3

Description

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

vendor=apache AND product=openoffice AND versionEndExcluding=2.3.0

vendor=sun AND product=staroffice AND version=6.0

vendor=sun AND product=staroffice AND version=7.0

vendor=sun AND product=staroffice AND version=8.0

vendor=sun AND product=starsuite

vendor=Debian AND product=debian_linux AND version=3.1

vendor=Debian AND product=debian_linux AND version=4.0

vendor=canonical AND product=ubuntu_linux AND version=6.06

vendor=canonical AND product=ubuntu_linux AND version=6.10

vendor=canonical AND product=ubuntu_linux AND version=7.04

Reference

20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities-Broken Link, Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-2834.html
DSA-1375-Patch, Third Party Advisory
25690-Patch, Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-1740
http://bugs.gentoo.org/show_bug.cgi?id=192818
FEDORA-2007-700-Broken Link, Third Party Advisory
FEDORA-2007-2372-Broken Link, Third Party Advisory
GLSA-200710-24-Third Party Advisory
MDKSA-2007:186-Third Party Advisory, URL Repurposed
RHSA-2007:0848-Third Party Advisory
102994-Broken Link, Third Party Advisory
SUSE-SA:2007:052-Mailing List, Third Party Advisory
USN-524-1-Broken Link, Third Party Advisory
1018702-Third Party Advisory, VDB Entry
26816-Third Party Advisory
26817-Third Party Advisory
26839-Third Party Advisory
26844-Third Party Advisory
26855-Third Party Advisory
26861-Third Party Advisory
26903-Third Party Advisory
26912-Third Party Advisory
26891-Third Party Advisory
27077-Third Party Advisory
27087-Third Party Advisory
27370-Third Party Advisory
200190-Broken Link, Third Party Advisory
ADV-2007-3184-Third Party Advisory
ADV-2007-3262-Third Party Advisory
openoffice-tiff-bo(36656)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:9967-Third Party Advisory
20070919 FLEA-2007-0056-1 openoffice.org-Third Party Advisory, VDB Entry

Keywords

CVE-2007-2834

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-2834

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures