| Vulnerability Name: | CVE-2007-2834 (CCN-36656) | ||||||||||||||||||||||||||||||||
| Assigned: | 2007-09-17 | ||||||||||||||||||||||||||||||||
| Published: | 2007-09-17 | ||||||||||||||||||||||||||||||||
| Updated: | 2022-02-07 | ||||||||||||||||||||||||||||||||
| Summary: | Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-190 | ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Issue Tracking, Third Party Advisory http://bugs.gentoo.org/show_bug.cgi?id=192818 Source: MITRE Type: CNA CVE-2007-2834 Source: FEDORA Type: Broken Link, Third Party Advisory FEDORA-2007-2372 Source: FEDORA Type: Broken Link, Third Party Advisory FEDORA-2007-700 Source: IDEFENSE Type: Broken Link, Third Party Advisory 20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities Source: SUSE Type: Mailing List, Third Party Advisory SUSE-SA:2007:052 Source: CCN Type: RHSA-2007-0848 Important: openoffice.org security update Source: CCN Type: SA26816 OpenOffice 2 TIFF Parsing Integer Overflow Vulnerabilities Source: SECUNIA Type: Third Party Advisory 26816 Source: SECUNIA Type: Third Party Advisory 26817 Source: CCN Type: SA26839 OpenOffice TIFF Parsing Integer Overflow Vulnerabilities Source: SECUNIA Type: Third Party Advisory 26839 Source: SECUNIA Type: Third Party Advisory 26844 Source: SECUNIA Type: Third Party Advisory 26855 Source: SECUNIA Type: Third Party Advisory 26861 Source: CCN Type: SA26891 Sun StarOffice Office Suite TIFF Parsing Integer Overflow Vulnerabilities Source: SECUNIA Type: Third Party Advisory 26891 Source: SECUNIA Type: Third Party Advisory 26903 Source: SECUNIA Type: Third Party Advisory 26912 Source: SECUNIA Type: Third Party Advisory 27077 Source: SECUNIA Type: Third Party Advisory 27087 Source: SECUNIA Type: Third Party Advisory 27370 Source: GENTOO Type: Third Party Advisory GLSA-200710-24 Source: CCN Type: SECTRACK ID: 1018702 OpenOffice Buffer Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: Third Party Advisory, VDB Entry 1018702 Source: CCN Type: Sun Alert ID: 102994 Manipulated TIFF Files or Documents Containing Manipulated TIFF Files May Lead to Heap Overflows and Arbitrary Code Execution Source: SUNALERT Type: Broken Link, Third Party Advisory 102994 Source: SUNALERT Type: Broken Link, Third Party Advisory 200190 Source: CCN Type: ASA-2007-391 OpenOffice.org security update (RHSA-2007-0848) Source: CCN Type: ASA-2007-408 Manipulated TIFF Files or Documents Containing Manipulated TIFF Files May Lead to Heap Overflows and Arbitrary Code Execution (Sun 102994) Source: DEBIAN Type: Patch, Third Party Advisory DSA-1375 Source: DEBIAN Type: DSA-1375 openoffice.org -- buffer overflow Source: CCN Type: GLSA-200710-24 OpenOffice.org: Heap-based buffer overflow Source: MANDRIVA Type: Third Party Advisory, URL Repurposed MDKSA-2007:186 Source: CCN Type: OpenOffice.org Web site OpenOffice.org: Home Source: CCN Type: OpenOffice.org Security Bulletin CVE-2007-2834 Manipulated TIFF files can lead to heap overflows and arbitrary code execution Source: CONFIRM Type: Patch, Vendor Advisory http://www.openoffice.org/security/cves/CVE-2007-2834.html Source: REDHAT Type: Third Party Advisory RHSA-2007:0848 Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20070919 FLEA-2007-0056-1 openoffice.org Source: BID Type: Patch, Third Party Advisory, VDB Entry 25690 Source: CCN Type: BID-25690 OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities Source: CCN Type: USN-524-1 OpenOffice.org vulnerability Source: UBUNTU Type: Broken Link, Third Party Advisory USN-524-1 Source: VUPEN Type: Third Party Advisory ADV-2007-3184 Source: VUPEN Type: Third Party Advisory ADV-2007-3262 Source: XF Type: Third Party Advisory, VDB Entry openoffice-tiff-bo(36656) Source: XF Type: UNKNOWN openoffice-tiff-bo(36656) Source: CONFIRM Type: Broken Link, Issue Tracking, Third Party Advisory https://issues.rpath.com/browse/RPL-1740 Source: CCN Type: iDefense PUBLIC ADVISORY: 09.17.07 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:9967 Source: SUSE Type: SUSE-SA:2007:052 OpenOffice_org TIFF problem | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||