CVE-2008-2327

Publication date 27 August 2008

Last updated 24 July 2024

Ubuntu priority

Description

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
tiff	8.04 LTS hardy	Fixed 3.8.2-7ubuntu3.1
	7.10 gutsy	Fixed 3.8.2-7ubuntu2.1
	7.04 feisty	Fixed 3.8.2-6ubuntu1
	6.06 LTS dapper	Fixed 3.7.4-1ubuntu3.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-639-1
tiff vulnerability
2 September 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-2327