CVE-2007-2834

openoffice.org TIFF parsing heap overflow

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Desbordamiento de enteros en el analizador TIFF en OpenOffice.org (OOo) anterior a la versión 2.3; y Office Suit (StarSuite) de Sun StarOffice versiones 6, 7 y 8 ; permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo TIFF con valores creados de campos de longitud no especificada, lo que desencadena la asignación de una cantidad inapropiada de memoria, resultando en un desbordamiento de búfer en la región heap de la memoria.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-24 CVE Reserved
2007-09-18 CVE Published
2024-08-07 CVE Updated
2024-10-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (35)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=192818	Issue Tracking
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593	Broken Link
http://secunia.com/advisories/26816	Third Party Advisory
http://secunia.com/advisories/26817	Third Party Advisory
http://secunia.com/advisories/26839	Third Party Advisory
http://secunia.com/advisories/26844	Third Party Advisory
http://secunia.com/advisories/26855	Third Party Advisory
http://secunia.com/advisories/26861	Third Party Advisory
http://secunia.com/advisories/26891	Third Party Advisory
http://secunia.com/advisories/26903	Third Party Advisory
http://secunia.com/advisories/26912	Third Party Advisory
http://secunia.com/advisories/27077	Third Party Advisory
http://secunia.com/advisories/27087	Third Party Advisory
http://secunia.com/advisories/27370	Third Party Advisory
http://securitytracker.com/id?1018702	Third Party Advisory
http://www.securityfocus.com/archive/1/479965/100/0/threaded	Mailing List
http://www.vupen.com/english/advisories/2007/3184	Third Party Advisory
http://www.vupen.com/english/advisories/2007/3262	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36656	Third Party Advisory
https://issues.rpath.com/browse/RPL-1740	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967	Signature

URL	Date	SRC

URL	Date	SRC
http://www.debian.org/security/2007/dsa-1375	2022-02-07
http://www.openoffice.org/security/cves/CVE-2007-2834.html	2022-02-07
http://www.securityfocus.com/bid/25690	2022-02-07

URL	Date	SRC
http://fedoranews.org/updates/FEDORA-2007-237.shtml	2022-02-07
http://fedoranews.org/updates/FEDORA-2007-700.shtml	2022-02-07
http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html	2022-02-07
http://security.gentoo.org/glsa/glsa-200710-24.xml	2022-02-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1	2022-02-07
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1	2022-02-07
http://www.mandriva.com/security/advisories?name=MDKSA-2007:186	2022-02-07
http://www.redhat.com/support/errata/RHSA-2007-0848.html	2022-02-07
http://www.ubuntu.com/usn/usn-524-1	2022-02-07
https://access.redhat.com/security/cve/CVE-2007-2834	2007-09-18
https://bugzilla.redhat.com/show_bug.cgi?id=251967	2007-09-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Openoffice Search vendor "Apache" for product "Openoffice"				< 2.3.0 Search vendor "Apache" for product "Openoffice" and version " < 2.3.0"		-		Affected
Sun Search vendor "Sun"		Staroffice Search vendor "Sun" for product "Staroffice"				6.0 Search vendor "Sun" for product "Staroffice" and version "6.0"		-		Affected
Sun Search vendor "Sun"		Staroffice Search vendor "Sun" for product "Staroffice"				7.0 Search vendor "Sun" for product "Staroffice" and version "7.0"		-		Affected
Sun Search vendor "Sun"		Staroffice Search vendor "Sun" for product "Staroffice"				8.0 Search vendor "Sun" for product "Staroffice" and version "8.0"		-		Affected
Sun Search vendor "Sun"		Starsuite Search vendor "Sun" for product "Starsuite"				*		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				3.1 Search vendor "Debian" for product "Debian Linux" and version "3.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected