CVE-2007-2834

Publication date 18 September 2007

Last updated 24 July 2024


Ubuntu priority

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3, and in Sun StarOffice 6, 7, and 8 Office Suite (StarSuite), allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields. The crafted values trigger allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.


Status

Package          Ubuntu Release     Status
openoffice.org   7.04 feisty        Fixed 2.2.0-1ubuntu5
openoffice.org   6.10 edgy          Fixed 2.0.4-0ubuntu7
openoffice.org   6.06 LTS dapper    Fixed 2.0.2-2ubuntu12.5

Notes


jdstrand

Upstream says fixed in 2.3.0, but gutsy has 2.3.0~rc1-1ubuntu2. Flagging as needed until can confirm it is not. On 2007/09/27 kees said that calc was taking care of it.

References

Related Ubuntu Security Notices (USN)

    • USN-524-1: OpenOffice.org vulnerability (4 October 2007)

Other references