National Vulnerability Database (NVD) National Vulnerability Database (CVE-2007-2834)

National Cyber Awareness System

Vulnerability Summary for CVE-2007-2834

Original release date:09/18/2007

Last revised:10/11/2011

Source: US-CERT/NIST

Overview

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 25690

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/25690

External Source: CONFIRM

Name: http://www.openoffice.org/security/cves/CVE-2007-2834.html

Type: Patch Information

Hyperlink:http://www.openoffice.org/security/cves/CVE-2007-2834.html

External Source: DEBIAN

Name: DSA-1375

Type: Patch Information

Hyperlink:http://www.debian.org/security/2007/dsa-1375

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1740

Hyperlink:https://issues.rpath.com/browse/RPL-1740

External Source: XF

Name: openoffice-tiff-bo(36656)

Hyperlink:http://xforce.iss.net/xforce/xfdb/36656

External Source: VUPEN

Name: ADV-2007-3262

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2007/3262

External Source: VUPEN

Name: ADV-2007-3184

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2007/3184

External Source: UBUNTU

Name: USN-524-1

Hyperlink:http://www.ubuntu.com/usn/usn-524-1

External Source: BUGTRAQ

Name: 20070919 FLEA-2007-0056-1 openoffice.org

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/479965/100/0/threaded

External Source: REDHAT

Name: RHSA-2007:0848

Type: Advisory

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0848.html

External Source: MANDRIVA

Name: MDKSA-2007:186

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:186

External Source: SUNALERT

Name: 200190

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1

External Source: SUNALERT

Name: 102994

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1

External Source: SECTRACK

Name: 1018702

Hyperlink:http://securitytracker.com/id?1018702

External Source: GENTOO

Name: GLSA-200710-24

Hyperlink:http://security.gentoo.org/glsa/glsa-200710-24.xml

External Source: SECUNIA

Name: 27370

Type: Advisory

Hyperlink:http://secunia.com/advisories/27370

External Source: SECUNIA

Name: 27087

Type: Advisory

Hyperlink:http://secunia.com/advisories/27087

External Source: SECUNIA

Name: 27077

Type: Advisory

Hyperlink:http://secunia.com/advisories/27077

External Source: SECUNIA

Name: 26912

Type: Advisory

Hyperlink:http://secunia.com/advisories/26912

External Source: SECUNIA

Name: 26903

Type: Advisory

Hyperlink:http://secunia.com/advisories/26903

External Source: SECUNIA

Name: 26891

Type: Advisory

Hyperlink:http://secunia.com/advisories/26891

External Source: SECUNIA

Name: 26861

Type: Advisory

Hyperlink:http://secunia.com/advisories/26861

External Source: SECUNIA

Name: 26855

Type: Advisory

Hyperlink:http://secunia.com/advisories/26855

External Source: SECUNIA

Name: 26844

Type: Advisory

Hyperlink:http://secunia.com/advisories/26844

External Source: SECUNIA

Name: 26839

Type: Advisory

Hyperlink:http://secunia.com/advisories/26839

External Source: SECUNIA

Name: 26817

Type: Advisory

Hyperlink:http://secunia.com/advisories/26817

External Source: SECUNIA

Name: 26816

Type: Advisory

Hyperlink:http://secunia.com/advisories/26816

External Source: OVAL

Name: oval:org.mitre.oval:def:9967

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9967

External Source: SUSE

Name: SUSE-SA:2007:052

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html

External Source: IDEFENSE

Name: 20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities

Hyperlink:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593

External Source: FEDORA

Name: FEDORA-2007-700

Hyperlink:http://fedoranews.org/updates/FEDORA-2007-700.shtml

External Source: FEDORA

Name: FEDORA-2007-2372

Hyperlink:http://fedoranews.org/updates/FEDORA-2007-237.shtml

External Source: CONFIRM

Name: http://bugs.gentoo.org/show_bug.cgi?id=192818

Hyperlink:http://bugs.gentoo.org/show_bug.cgi?id=192818

References to Check Content

Identifier:oval:org.mitre.oval:def:9967

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9967

Vulnerable software and versions

Configuration 1

AND

cpe:/o:gentoo:linux

cpe:/o:redhat:fedora_core:3

cpe:/o:ubuntu:ubuntu_linux:5.04::amd64

cpe:/o:ubuntu:ubuntu_linux:5.04::i386

cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc

* cpe:/a:openoffice:openoffice:1.1.3

* cpe:/a:openoffice:openoffice:2.0.4

* cpe:/a:openoffice:openoffice:2.2.1

* cpe:/a:sun:staroffice:6.0

* cpe:/a:sun:staroffice:7.0

* cpe:/a:sun:staroffice:8.0

* cpe:/a:sun:starsuite

Configuration 2

* cpe:/o:debian:debian_linux:3.1

* cpe:/o:debian:debian_linux:3.1::alpha

* cpe:/o:debian:debian_linux:3.1::amd64

* cpe:/o:debian:debian_linux:3.1::arm

* cpe:/o:debian:debian_linux:3.1::hppa

* cpe:/o:debian:debian_linux:3.1::ia-32

* cpe:/o:debian:debian_linux:3.1::ia-64

* cpe:/o:debian:debian_linux:3.1::m68k

* cpe:/o:debian:debian_linux:3.1::mips

* cpe:/o:debian:debian_linux:3.1::mipsel

* cpe:/o:debian:debian_linux:3.1::ppc

* cpe:/o:debian:debian_linux:3.1::s-390

* cpe:/o:debian:debian_linux:3.1::sparc

* cpe:/o:debian:debian_linux:4.0

* cpe:/o:debian:debian_linux:4.0::alpha

* cpe:/o:debian:debian_linux:4.0::amd64

* cpe:/o:debian:debian_linux:4.0::arm

* cpe:/o:debian:debian_linux:4.0::hppa

* cpe:/o:debian:debian_linux:4.0::ia-32

* cpe:/o:debian:debian_linux:4.0::ia-64

* cpe:/o:debian:debian_linux:4.0::m68k

* cpe:/o:debian:debian_linux:4.0::mips

* cpe:/o:debian:debian_linux:4.0::mipsel

* cpe:/o:debian:debian_linux:4.0::powerpc

* cpe:/o:debian:debian_linux:4.0::s-390

* cpe:/o:debian:debian_linux:4.0::sparc

* cpe:/o:redhat:enterprise_linux:3.0::as

* cpe:/o:redhat:enterprise_linux:3.0::es

* cpe:/o:redhat:enterprise_linux:3.0::ws

* cpe:/o:redhat:enterprise_linux:4.0::as

* cpe:/o:redhat:enterprise_linux:4.0::es

* cpe:/o:redhat:enterprise_linux:4.0::ws

* cpe:/o:redhat:enterprise_linux:5.0::client

* cpe:/o:redhat:fedora_core:6

* cpe:/o:redhat:linux:3.0::desktop

* cpe:/o:redhat:linux:4.0::desktop

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Numeric Errors (CWE-189)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2834