PT-2007-4144 · Apache+2 · Openoffice.Org+2
Publicado
2007-09-18
·
Atualizado
2022-02-07
·
CVE-2007-2834
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OpenOffice.org versions prior to 2.3
Sun StarOffice versions 6, 7, and 8
Description
The issue is related to an integer overflow in the TIFF parser, which allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields. This triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
Recommendations
For OpenOffice.org versions prior to 2.3, update to version 2.3 or later to resolve the issue.
For Sun StarOffice versions 6, 7, and 8, consider upgrading to a newer version that is not affected by this issue, as these versions are vulnerable.
Correção
RCE
Integer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openoffice.Org
Red Hat
Staroffice