CVE-2007-2834

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

References

http://bugs.gentoo.org/show_bug.cgi?id=192818

http://fedoranews.org/updates/FEDORA-2007-237.shtml

http://fedoranews.org/updates/FEDORA-2007-700.shtml

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593

http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html

http://secunia.com/advisories/26816

http://secunia.com/advisories/26817

http://secunia.com/advisories/26839

http://secunia.com/advisories/26844

http://secunia.com/advisories/26855

http://secunia.com/advisories/26861

http://secunia.com/advisories/26891

http://secunia.com/advisories/26903

http://secunia.com/advisories/26912

http://secunia.com/advisories/27077

http://secunia.com/advisories/27087

http://secunia.com/advisories/27370

http://security.gentoo.org/glsa/glsa-200710-24.xml

http://securitytracker.com/id?1018702

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1

http://www.debian.org/security/2007/dsa-1375

http://www.mandriva.com/security/advisories?name=MDKSA-2007:186

http://www.openoffice.org/security/cves/CVE-2007-2834.html

http://www.redhat.com/support/errata/RHSA-2007-0848.html

http://www.securityfocus.com/archive/1/479965/100/0/threaded

http://www.securityfocus.com/bid/25690

http://www.ubuntu.com/usn/usn-524-1

http://www.vupen.com/english/advisories/2007/3184

http://www.vupen.com/english/advisories/2007/3262

https://exchange.xforce.ibmcloud.com/vulnerabilities/36656

https://issues.rpath.com/browse/RPL-1740

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967

Details

Source: MITRE

Published: 2007-09-18

Updated: 2018-10-16

Type: CWE-189

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:3:*:*:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*

OR

cpe:2.3:a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:openoffice:openoffice:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:openoffice:openoffice:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:staroffice:8.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:starsuite:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:client:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux:3.0:*:desktop:*:*:*:*:*

cpe:2.3:o:redhat:linux:4.0:*:desktop:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
107858Solaris 10 (x86) : 120190-23NessusSolaris Local Security Checks
high
107857Solaris 10 (x86) : 120186-23NessusSolaris Local Security Checks
high
107356Solaris 10 (sparc) : 120189-23NessusSolaris Local Security Checks
high
107355Solaris 10 (sparc) : 120185-23NessusSolaris Local Security Checks
high
67561Oracle Linux 3 / 4 : openoffice.org (ELSA-2007-0848)NessusOracle Linux Local Security Checks
high
60251Scientific Linux Security Update : openoffice.org on SL5.x, SL4.x, SL3.x i386/x86_64NessusScientific Linux Local Security Checks
high
56500FreeBSD : openoffice -- arbitrary command execution vulnerability (e595e170-6771-11dc-8be8-02e0185f8d72)NessusFreeBSD Local Security Checks
high
29367SuSE 10 Security Update : OpenOffice (ZYPP Patch Number 4320)NessusSuSE Local Security Checks
high
28129Ubuntu 6.06 LTS / 6.10 / 7.04 : openoffice.org/-amd64 vulnerability (USN-524-1)NessusUbuntu Local Security Checks
high
27771Fedora 7 : openoffice.org-2.2.1-18.2.fc7 (2007-2372)NessusFedora Local Security Checks
high
27556GLSA-200710-24 : OpenOffice.org: Heap-based buffer overflowNessusGentoo Local Security Checks
high
27140openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4319)NessusSuSE Local Security Checks
high
26109RHEL 3 / 4 / 5 : openoffice.org (RHSA-2007:0848)NessusRed Hat Local Security Checks
high
26106Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:186)NessusMandriva Local Security Checks
high
26082Fedora Core 6 : openoffice.org-2.0.4-5.5.24 (2007-700)NessusFedora Local Security Checks
high
26078Debian DSA-1375-1 : openoffice.org - buffer overflowNessusDebian Local Security Checks
high
26074CentOS 3 / 4 / 5 : openoffice.org (CESA-2007:0848)NessusCentOS Local Security Checks
high
4216OpenOffice < 2.3 TIFF Parser Multiple OverflowsNessus Network MonitorGeneric
medium
26064Sun OpenOffice.org < 2.3 TIFF Parser Buffer Overflow VulnerabilitiesNessusWindows
high
23617Solaris 5.9 (x86) : 120190-19NessusSolaris Local Security Checks
high
23616Solaris 5.9 (x86) : 120186-19NessusSolaris Local Security Checks
high
23558Solaris 5.9 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23557Solaris 5.9 (sparc) : 120185-19NessusSolaris Local Security Checks
high
23468Solaris 5.8 (x86) : 120190-19NessusSolaris Local Security Checks
high
23467Solaris 5.8 (x86) : 120186-19NessusSolaris Local Security Checks
high
23420Solaris 5.8 (sparc) : 120189-19NessusSolaris Local Security Checks
high
23419Solaris 5.8 (sparc) : 120185-19NessusSolaris Local Security Checks
high
22994Solaris 5.10 (x86) : 120190-19NessusSolaris Local Security Checks
high
22993Solaris 5.10 (x86) : 120186-19NessusSolaris Local Security Checks
high
22961Solaris 5.10 (sparc) : 120189-19NessusSolaris Local Security Checks
high
22960Solaris 5.10 (sparc) : 120185-19NessusSolaris Local Security Checks
high