CVE-2007-2834

Published: 18 September 2007

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Priority

Medium

Status

Package Release Status
openoffice.org
Launchpad, Ubuntu, Debian
Upstream
Released (2.3.0)

Notes

AuthorNote
jdstrand upstream says fixed in 2.3.0, but gutsy has 2.3.0~rc1-1ubuntu2. Flagging as needed until can confirm it is not. on 2007/09/27 kees said that calc was taking care of it

References