CVSSv2: 6.8

CVE-2008-2327

Published: 27/08/2008 Updated: 11/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and previous versions allow context-dependent malicious users to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

Vulnerable Product Search on Vulmon

libtiff libtiff
libtiff libtiff 3.4
libtiff libtiff 3.5.1
libtiff libtiff 3.5.2
libtiff libtiff 3.5.3
libtiff libtiff 3.5.4
libtiff libtiff 3.5.5
libtiff libtiff 3.5.6
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.7.0
libtiff libtiff 3.7.1
libtiff libtiff 3.8.0
libtiff libtiff 3.8.1

Vendor Advisories

Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service ...

Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed TIFF files to lead to a crash or execution of arbitrary code. For the stable distribution (etch), this problem has been fixed in version 3.8.2-7+etch1. For the testing distribution (lenny), this problem has ...

References

CWE-119
http://security-tracker.debian.net/tracker/CVE-2008-2327
http://security-tracker.debian.net/tracker/DSA-1632-1
http://security-tracker.debian.net/tracker/DTSA-160-1
http://www.debian.org/security/2008/dsa-1632
http://www.securityfocus.com/bid/30832
http://secunia.com/advisories/31610
http://www.redhat.com/support/errata/RHSA-2008-0863.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:184
http://bugs.gentoo.org/show_bug.cgi?id=234080
http://secunia.com/advisories/31623
https://bugzilla.redhat.com/show_bug.cgi?id=458674
http://secunia.com/advisories/31668
http://www.redhat.com/support/errata/RHSA-2008-0847.html
http://secunia.com/advisories/31670
http://www.redhat.com/support/errata/RHSA-2008-0848.html
http://secunia.com/advisories/31698
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://www.ubuntu.com/usn/usn-639-1
http://secunia.com/advisories/31882
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html
http://secunia.com/advisories/31838
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html
http://security.gentoo.org/glsa/glsa-200809-07.xml
http://www.vmware.com/security/advisories/VMSA-2008-0017.html
http://www.securitytracker.com/id?1020750
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
http://support.apple.com/kb/HT3298
http://support.apple.com/kb/HT3318
http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
http://secunia.com/advisories/32756
http://support.apple.com/kb/HT3276
http://secunia.com/advisories/31982
http://www.vupen.com/english/advisories/2009/2143
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1
http://www.vupen.com/english/advisories/2008/2971
http://www.vupen.com/english/advisories/2008/3107
http://www.vupen.com/english/advisories/2008/2438
http://www.vupen.com/english/advisories/2008/2584
http://www.vupen.com/english/advisories/2008/3232
http://www.vupen.com/english/advisories/2008/2776
http://secunia.com/advisories/32706
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489
http://www.securityfocus.com/archive/1/497962/100/0/threaded
http://www.securityfocus.com/archive/1/496033/100/0/threaded
https://usn.ubuntu.com/639-1/
https://nvd.nist.gov