CVE-2007-2834
openoffice.org TIFF parsing heap overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
Desbordamiento de enteros en el analizador TIFF en OpenOffice.org (OOo) anterior a la versión 2.3; y Office Suit (StarSuite) de Sun StarOffice versiones 6, 7 y 8 ; permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo TIFF con valores creados de campos de longitud no especificada, lo que desencadena la asignación de una cantidad inapropiada de memoria, resultando en un desbordamiento de búfer en la región heap de la memoria.
A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-05-24 CVE Reserved
- 2007-09-18 CVE Published
- 2024-08-07 CVE Updated
- 2025-07-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (35)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2007/dsa-1375 | 2022-02-07 | |
| http://www.openoffice.org/security/cves/CVE-2007-2834.html | 2022-02-07 | |
| http://www.securityfocus.com/bid/25690 | 2022-02-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Openoffice Search vendor "Apache" for product "Openoffice" | < 2.3.0 Search vendor "Apache" for product "Openoffice" and version " < 2.3.0" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Staroffice Search vendor "Sun" for product "Staroffice" | 6.0 Search vendor "Sun" for product "Staroffice" and version "6.0" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Staroffice Search vendor "Sun" for product "Staroffice" | 7.0 Search vendor "Sun" for product "Staroffice" and version "7.0" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Staroffice Search vendor "Sun" for product "Staroffice" | 8.0 Search vendor "Sun" for product "Staroffice" and version "8.0" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Starsuite Search vendor "Sun" for product "Starsuite" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.1 Search vendor "Debian" for product "Debian Linux" and version "3.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04" | - |
Affected
| ||||||