CVE-2008-2327

EPSS 1.5%

tiff - buffer underflow

Published: 8/27/2008Modified: 4/28/2026

Description

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

Affected packages (3)

Debian/tifffrom 0, < 3.8.2-11
Debian/tifffrom 0, < 3.8.2-7+etch1
Debian/tifffrom 0, < 3.8.2-10+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-2327