Back to search
CVE-2008-2327
Published: Aug 27, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
265030
vendor-advisory
x_refsource_SUNALERT
31670
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:184
vendor-advisory
x_refsource_MANDRIVA
APPLE-SA-2008-11-13
vendor-advisory
x_refsource_APPLE
20080905 rPSA-2008-0268-1 libtiff
mailing-list
x_refsource_BUGTRAQ
31838
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=234080
x_refsource_CONFIRM
APPLE-SA-2008-09-15
vendor-advisory
x_refsource_APPLE
31982
third-party-advisory
x_refsource_SECUNIA
31698
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-7388
vendor-advisory
x_refsource_FEDORA
ADV-2008-2971
vdb-entry
x_refsource_VUPEN
TA08-260A
third-party-advisory
x_refsource_CERT
ADV-2008-2776
vdb-entry
x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2008-0017.html
x_refsource_MISC
RHSA-2008:0863
vendor-advisory
x_refsource_REDHAT
APPLE-SA-2008-11-20
vendor-advisory
x_refsource_APPLE
31623
third-party-advisory
x_refsource_SECUNIA
ADV-2008-2584
vdb-entry
x_refsource_VUPEN
http://security-tracker.debian.net/tracker/CVE-2008-2327
x_refsource_CONFIRM
1020750
vdb-entry
x_refsource_SECTRACK
20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff
mailing-list
x_refsource_BUGTRAQ
ADV-2008-3107
vdb-entry
x_refsource_VUPEN
31610
third-party-advisory
x_refsource_SECUNIA
30832
vdb-entry
x_refsource_BID
http://security-tracker.debian.net/tracker/DTSA-160-1
x_refsource_CONFIRM
oval:org.mitre.oval:def:11489
vdb-entry
signature
x_refsource_OVAL
SUSE-SR:2008:018
vendor-advisory
x_refsource_SUSE
ADV-2008-3232
vdb-entry
x_refsource_VUPEN
31882
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0848
vendor-advisory
x_refsource_REDHAT
31668
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2143
vdb-entry
x_refsource_VUPEN
32706
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:5514
vdb-entry
signature
x_refsource_OVAL
DSA-1632
vendor-advisory
x_refsource_DEBIAN
http://support.apple.com/kb/HT3318
x_refsource_CONFIRM
http://security-tracker.debian.net/tracker/DSA-1632-1
x_refsource_CONFIRM
http://support.apple.com/kb/HT3298
x_refsource_CONFIRM
USN-639-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2008:0847
vendor-advisory
x_refsource_REDHAT
http://support.apple.com/kb/HT3276
x_refsource_CONFIRM
ADV-2008-2438
vdb-entry
x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=458674
x_refsource_CONFIRM
32756
third-party-advisory
x_refsource_SECUNIA
GLSA-200809-07
vendor-advisory
x_refsource_GENTOO
FEDORA-2008-7370
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now