SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-2327

Date: (C)2008-08-27 (M)2023-12-22

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1020750

http://www.securityfocus.com/archive/1/496033/100/0/threaded

http://www.securityfocus.com/archive/1/497962/100/0/threaded

SUNALERT-265030

APPLE-SA-2008-09-15

APPLE-SA-2008-11-13

APPLE-SA-2008-11-20

FEDORA-2008-7370

FEDORA-2008-7388

SUSE-SR:2008:018

http://bugs.gentoo.org/show_bug.cgi?id=234080

http://security-tracker.debian.net/tracker/CVE-2008-2327

http://security-tracker.debian.net/tracker/DSA-1632-1

http://security-tracker.debian.net/tracker/DTSA-160-1

http://support.apple.com/kb/HT3276

http://support.apple.com/kb/HT3298

http://support.apple.com/kb/HT3318

http://www.vmware.com/security/advisories/VMSA-2008-0017.html

https://bugzilla.redhat.com/show_bug.cgi?id=458674

oval:org.mitre.oval:def:11489

oval:org.mitre.oval:def:5514

cpe:/a:libtiff:libtiff
cpe:/a:libtiff:libtiff:3.7.1
cpe:/a:libtiff:libtiff:3.5.3
cpe:/a:libtiff:libtiff:3.8.0
...

oval:org.secpod.oval:def:17225
oval:org.secpod.oval:def:301509
oval:org.mitre.oval:def:7619
oval:org.secpod.oval:def:17233
...

© SecPod Technologies