Published: 18 September 2007
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
|jdstrand||upstream says fixed in 2.3.0, but gutsy has 2.3.0~rc1-1ubuntu2. Flagging as needed until can confirm it is not. on 2007/09/27 kees said that calc was taking care of it|