Launchpad CVE tracker

CVE 2008-2327

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

Related bugs and status

CVE-2008-2327 (Candidate) is related to these bugs:

Bug #262606: Please sync tiff 3.8.2-11 (main) from Debian unstable (main).

Summary				In	Importance	Status
	262606	Please sync tiff 3.8.2-11 (main) from Debian unstable (main).		tiff (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://security-tracke...
CONFIRM: http://security-tracke...
CONFIRM: http://security-tracke...
CONFIRM: https://bugzilla.redha...
CONFIRM: http://bugs.gentoo.org...
APPLE: APPLE-SA-2008-09-15
DEBIAN: DSA-1632
MANDRIVA: MDVSA-2008:184
REDHAT: RHSA-2008:0847
REDHAT: RHSA-2008:0848
REDHAT: RHSA-2008:0863
SUSE: SUSE-SR:2008:018
UBUNTU: USN-639-1
BID: 30832
SECUNIA: 31610
SECUNIA: 31623
SECUNIA: 31668
SECUNIA: 31670
SECUNIA: 31698
SECUNIA: 31882
FEDORA: FEDORA-2008-7370
FEDORA: FEDORA-2008-7388
SECUNIA: 31838
GENTOO: GLSA-200809-07
MISC: http://www.vmware.com/...
CERT: TA08-260A
SECTRACK: 1020750
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-11-13
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-11-20
SECUNIA: 32756
CONFIRM: http://support.apple.c...
SECUNIA: 31982
SUNALERT: 265030
VUPEN: ADV-2009-2143
VUPEN: ADV-2008-2438
VUPEN: ADV-2008-2584
VUPEN: ADV-2008-2971
VUPEN: ADV-2008-3232
VUPEN: ADV-2008-3107
VUPEN: ADV-2008-2776
SECUNIA: 32706
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080905 rPSA-2008-026...
BUGTRAQ: 20081031 VMSA-2008-001...

Launchpad.net

CVE 2008-2327

Related bugs and status

Related bugs

References