CVE-2007-2834

Published: Sep 18, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Affected (10)

Products: Apache: Openoffice · Sun: Staroffice, Starsuite · Debian: Debian Linux · +1 more

Show all products

Apache: Openoffice · Sun: Staroffice, Starsuite · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

2 products

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apache Openoffice	Before 2.3.0
Sun Staroffice	Version 6.0
Sun Staroffice	Version 7.0
Sun Staroffice	Version 8.0
Sun Starsuite	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 4.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 6.10
Canonical Ubuntu Linux	Version 7.04

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (66)

http://bugs.gentoo.org/show_bug.cgi?id=192818

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://fedoranews.org/updates/FEDORA-2007-237.shtml

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://fedoranews.org/updates/FEDORA-2007-700.shtml

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/26816

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26817

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26839

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26844

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26855

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26861

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26891

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26903

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/26912

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/27077

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/27087

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/27370

Source: cve@mitre.org

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200710-24.xml

Source: cve@mitre.org

Third Party Advisory

http://securitytracker.com/id?1018702

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://www.debian.org/security/2007/dsa-1375

Source: cve@mitre.org

PatchThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:186

Source: cve@mitre.org

Third Party AdvisoryURL Repurposed

http://www.openoffice.org/security/cves/CVE-2007-2834.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-0848.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/479965/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/25690

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-524-1

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://www.vupen.com/english/advisories/2007/3184

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2007/3262

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/36656

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://issues.rpath.com/browse/RPL-1740

Source: cve@mitre.org

Broken LinkIssue TrackingThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967

Source: cve@mitre.org

Third Party Advisory

http://bugs.gentoo.org/show_bug.cgi?id=192818