OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
BID:25690
Info
OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
| Bugtraq ID: | 25690 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2834 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2007 12:00AM |
| Updated: | Oct 25 2007 01:07AM |
| Credit: | The vendor credits an anonymous researcher working with iDefense, with the discovery of this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE Linux Desktop 1.0 SuSE Linux 10.1 SuSE Linux 10.0 Sun StarSuite 8 Sun StarSuite 7 Sun StarSuite 6 Sun StarOffice 7.0 Sun StarOffice 8.0 Sun StarOffice 6.0 rPath rPath Linux 1 Redhat Fedora Core7 Redhat Fedora Core6 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Desktop 4.0 Redhat Desktop 3.0 OpenOffice OpenOffice 2.2.1 OpenOffice OpenOffice 2.0.4 OpenOffice OpenOffice 1.1.3 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: |
OpenOffice OpenOffice 2.3 |
Discussion
OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
OpenOffice is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted TIFF files.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
OpenOffice is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted TIFF files.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
Exploit / POC
OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
Solution:
The vendor has addressed this issue in OpenOffice 2.3. Contact the vendor for details on obtaining and applying the appropriate updates.
Please see the referenced advisories for more information.
Sun StarSuite 7
Solution:
The vendor has addressed this issue in OpenOffice 2.3. Contact the vendor for details on obtaining and applying the appropriate updates.
Please see the referenced advisories for more information.
Sun StarSuite 7
-
Sun StarOffice/StarSuite 7 Linux Platform patch 116518-15
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116518-15-1 -
Sun StarOffice/StarSuite 7 SPARC Platform patch 116519-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1 -
Sun StarOffice/StarSuite 7 Windows Platform patch 116520-14
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116520-14-1 -
Sun StarOffice/StarSuite 7 x86 Platform patch 117073-13
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117073-13-1
References
OpenOffice TIFF File Parser Multiple Integer Overflow Vulnerabilities
References:
References:
- CVE-2007-02834 - Manipulated TIFF files can lead to heap overflows and arbitra (OpenOffice)
- Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabi (iDefense)
- OpenOffice Homepage (OpenOffice)
- iDefense Security Advisory 09.17.07: Multiple Vendor OpenOffice TIFF File Parsin (iDefense)
- Manipulated TIFF Files or Documents Containing Manipulated TIFF Files May Lead t (Sun Microsystems)
- RHSA-2007:0848-8: Important: openoffice.org security update (Redhat)