cpe:/a:libtiff:libtiff:3.4 cpe:/a:libtiff:libtiff:3.5.1 cpe:/a:libtiff:libtiff:3.5.2 cpe:/a:libtiff:libtiff:3.5.3 cpe:/a:libtiff:libtiff:3.5.4 cpe:/a:libtiff:libtiff:3.5.5 cpe:/a:libtiff:libtiff:3.5.6 cpe:/a:libtiff:libtiff:3.5.7 cpe:/a:libtiff:libtiff:3.6.0 cpe:/a:libtiff:libtiff:3.6.1 cpe:/a:libtiff:libtiff:3.7.0 cpe:/a:libtiff:libtiff:3.7.1 cpe:/a:libtiff:libtiff:3.8.0 cpe:/a:libtiff:libtiff:3.8.1 cpe:/a:libtiff:libtiff:3.8.2 CVE-2008-2327 2008-08-27T16:41:00.000-04:00 2017-09-28T21:31:07.083-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-08-27T17:36:00.000-04:00 ALLOWS_OTHER_ACCESS SECTRACK 1020750 BUGTRAQ 20080905 rPSA-2008-0268-1 libtiff BUGTRAQ 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff SUNALERT 265030 BID 30832 SECUNIA 31610 SECUNIA 31623 SECUNIA 31668 SECUNIA 31670 SECUNIA 31698 SECUNIA 31838 SECUNIA 31882 SECUNIA 31982 SECUNIA 32706 SECUNIA 32756 VUPEN ADV-2008-2438 VUPEN ADV-2008-2584 VUPEN ADV-2008-2776 VUPEN ADV-2008-2971 VUPEN ADV-2008-3107 VUPEN ADV-2008-3232 VUPEN ADV-2009-2143 APPLE APPLE-SA-2008-09-15 APPLE APPLE-SA-2008-11-13 APPLE APPLE-SA-2008-11-20 DEBIAN DSA-1632 FEDORA FEDORA-2008-7370 FEDORA FEDORA-2008-7388 GENTOO GLSA-200809-07 IAVM IAVM:2008-B-0078 MANDRIVA MDVSA-2008:184 REDHAT RHSA-2008:0847 REDHAT RHSA-2008:0848 REDHAT RHSA-2008:0863 SUSE SUSE-SR:2008:018 CERT TA08-260A UBUNTU USN-639-1 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=234080 CONFIRM http://security-tracker.debian.net/tracker/CVE-2008-2327 CONFIRM http://security-tracker.debian.net/tracker/DSA-1632-1 CONFIRM http://security-tracker.debian.net/tracker/DTSA-160-1 CONFIRM http://support.apple.com/kb/HT3276 CONFIRM http://support.apple.com/kb/HT3298 CONFIRM http://support.apple.com/kb/HT3318 MISC http://www.vmware.com/security/advisories/VMSA-2008-0017.html CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=458674 Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.