Launchpad CVE tracker

CVE 2007-2834

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Related bugs and status

CVE-2007-2834 (Candidate) is related to these bugs:

Bug #75478: No shortcut to OpenOffice::Draw

Summary				In	Importance	Status
	75478	No shortcut to OpenOffice::Draw		openoffice.org (Ubuntu)	Wishlist	Fix Released

Bug #90513: weird document recovery attempt of openoffice after fullscreen slideshow with oo presentation

Summary				In	Importance	Status
	90513	weird document recovery attempt of openoffice after fullscreen slideshow with oo presentation		openoffice.org (Ubuntu)	High	Fix Released
	90513	weird document recovery attempt of openoffice after fullscreen slideshow with oo presentation		openoffice.org (Baltix)	Undecided	Fix Released

Bug #140618: [OpenOffice.org] Manipulated TIFF files can lead to heap overflows and arbitrary code execution

Summary				In	Importance	Status
	140618	[OpenOffice.org] Manipulated TIFF files can lead to heap overflows and arbitrary code execution		openoffice.org (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-2834

References