CVE-2007-2834

HIGH

Description

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

References

http://bugs.gentoo.org/show_bug.cgi?id=192818

http://fedoranews.org/updates/FEDORA-2007-237.shtml

http://fedoranews.org/updates/FEDORA-2007-700.shtml

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593

http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html

http://secunia.com/advisories/26816

http://secunia.com/advisories/26817

http://secunia.com/advisories/26839

http://secunia.com/advisories/26844

http://secunia.com/advisories/26855

http://secunia.com/advisories/26861

http://secunia.com/advisories/26891

http://secunia.com/advisories/26903

http://secunia.com/advisories/26912

http://secunia.com/advisories/27077

http://secunia.com/advisories/27087

http://secunia.com/advisories/27370

http://security.gentoo.org/glsa/glsa-200710-24.xml

http://securitytracker.com/id?1018702

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1

http://www.debian.org/security/2007/dsa-1375

http://www.mandriva.com/security/advisories?name=MDKSA-2007:186

http://www.openoffice.org/security/cves/CVE-2007-2834.html

http://www.redhat.com/support/errata/RHSA-2007-0848.html

http://www.securityfocus.com/archive/1/479965/100/0/threaded

http://www.securityfocus.com/bid/25690

http://www.ubuntu.com/usn/usn-524-1

http://www.vupen.com/english/advisories/2007/3184

http://www.vupen.com/english/advisories/2007/3262

https://exchange.xforce.ibmcloud.com/vulnerabilities/36656

https://issues.rpath.com/browse/RPL-1740

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967

Details

Source: MITRE

Published: 2007-09-18

Updated: 2018-10-16

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:3:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*

OR

cpe:2.3:a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:openoffice:openoffice:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:openoffice:openoffice:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:starsuite:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:client:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:3.0:*:desktop:*:*:*:*:*

cpe:2.3:o:redhat:linux:4.0:*:desktop:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
107858Solaris 10 (x86) : 120190-23NessusSolaris Local Security Checks
high
107857Solaris 10 (x86) : 120186-23NessusSolaris Local Security Checks
high
107356Solaris 10 (sparc) : 120189-23NessusSolaris Local Security Checks
high
107355Solaris 10 (sparc) : 120185-23NessusSolaris Local Security Checks
high
67561Oracle Linux 3 / 4 : openoffice.org (ELSA-2007-0848)NessusOracle Linux Local Security Checks
high
60251Scientific Linux Security Update : openoffice.org on SL5.x, SL4.x, SL3.x i386/x86_64NessusScientific Linux Local Security Checks
high
56500FreeBSD : openoffice -- arbitrary command execution vulnerability (e595e170-6771-11dc-8be8-02e0185f8d72)NessusFreeBSD Local Security Checks
high
29367SuSE 10 Security Update : OpenOffice (ZYPP Patch Number 4320)NessusSuSE Local Security Checks
high
28129Ubuntu 6.06 LTS / 6.10 / 7.04 : openoffice.org/-amd64 vulnerability (USN-524-1)NessusUbuntu Local Security Checks
high
27771Fedora 7 : openoffice.org-2.2.1-18.2.fc7 (2007-2372)NessusFedora Local Security Checks
high
27556GLSA-200710-24 : OpenOffice.org: Heap-based buffer overflowNessusGentoo Local Security Checks
high
27140openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4319)NessusSuSE Local Security Checks
high
26109RHEL 3 / 4 / 5 : openoffice.org (RHSA-2007:0848)NessusRed Hat Local Security Checks
high
26106Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:186)NessusMandriva Local Security Checks
high
26082Fedora Core 6 : openoffice.org-2.0.4-5.5.24 (2007-700)NessusFedora Local Security Checks
high
26078Debian DSA-1375-1 : openoffice.org - buffer overflowNessusDebian Local Security Checks
high
26074CentOS 3 / 4 / 5 : openoffice.org (CESA-2007:0848)NessusCentOS Local Security Checks
high
4216OpenOffice < 2.3 TIFF Parser Multiple OverflowsNessus Network MonitorGeneric
medium
26064Sun OpenOffice.org < 2.3 TIFF Parser Buffer Overflow VulnerabilitiesNessusWindows
high
23617Solaris 5.9 (x86) : 120190-19NessusSolaris Local Security Checks
high
23616Solaris 5.9 (x86) : 120186-19NessusSolaris Local Security Checks
high
23558Solaris 5.9 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23557Solaris 5.9 (sparc) : 120185-19NessusSolaris Local Security Checks
high
23468Solaris 5.8 (x86) : 120190-19NessusSolaris Local Security Checks
high
23467Solaris 5.8 (x86) : 120186-19NessusSolaris Local Security Checks
high
23420Solaris 5.8 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23419Solaris 5.8 (sparc) : 120185-19NessusSolaris Local Security Checks
high
22994Solaris 5.10 (x86) : 120190-19NessusSolaris Local Security Checks
high
22993Solaris 5.10 (x86) : 120186-19NessusSolaris Local Security Checks
high
22961Solaris 5.10 (sparc) : 120189-19NessusSolaris Local Security Checks
high
22960Solaris 5.10 (sparc) : 120185-19NessusSolaris Local Security Checks
high