Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:OPENOFFICE-TIFF-OF |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
OpenOffice TIFF File Parsing Integer Overflow |
Release Date |
2011/07/21 |
Update Number |
1959 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: OpenOffice TIFF File Parsing Integer Overflow
This signature detects attempts to exploit a known vulnerability in OpenOffice TIFF File Parsing Library. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Extended Description
OpenOffice is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Remote attackers may exploit these issues by enticing victims into opening maliciously crafted TIFF files. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
Affected Products
- Debian linux 3.1.0
- Debian linux 3.1.0 Alpha
- Debian linux 3.1.0 Amd64
- Debian linux 3.1.0 Arm
- Debian linux 3.1.0 Hppa
- Debian linux 3.1.0 Ia-32
- Debian linux 3.1.0 Ia-64
- Debian linux 3.1.0 M68k
- Debian linux 3.1.0 Mips
- Debian linux 3.1.0 Mipsel
- Debian linux 3.1.0 Ppc
- Debian linux 3.1.0 S/390
- Debian linux 3.1.0 Sparc
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Foresight_linux foresight_linux 1.1
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva linux_mandrake 2007.0
- Mandriva linux_mandrake 2007.0 X86 64
- Mandriva linux_mandrake 2007.1
- Mandriva linux_mandrake 2007.1 X86 64
- Openoffice openoffice 1.1.3
- Openoffice openoffice 2.0.4
- Openoffice openoffice 2.2.1
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core6
- Red_hat fedora Core7
- Rpath rpath_linux 1
- Sun staroffice 6.0
- Sun staroffice 7.0.0
- Sun staroffice 8.0
- Sun starsuite 6
- Sun starsuite 7
- Sun starsuite 8
- Suse linux 10.0
- Suse linux 10.1
- Suse linux_desktop 1.0
- Suse opensuse 10.2
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 6.10 Amd64
- Ubuntu ubuntu_linux 6.10 I386
- Ubuntu ubuntu_linux 6.10 Powerpc
- Ubuntu ubuntu_linux 6.10 Sparc
- Ubuntu ubuntu_linux 7.04 Amd64
- Ubuntu ubuntu_linux 7.04 I386
- Ubuntu ubuntu_linux 7.04 Powerpc
- Ubuntu ubuntu_linux 7.04 Sparc
References
- BugTraq: 25690
- CVE: CVE-2007-2834