Unrated severityNVD Advisory· Published Aug 27, 2008· Updated Apr 23, 2026
CVE-2008-2327
CVE-2008-2327
Description
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Affected products
15cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*range: <=3.8.2
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
47- www.debian.org/security/2008/dsa-1632nvdPatch
- secunia.com/advisories/31610nvdVendor Advisory
- secunia.com/advisories/31623nvdVendor Advisory
- secunia.com/advisories/31668nvdVendor Advisory
- secunia.com/advisories/31670nvdVendor Advisory
- secunia.com/advisories/31698nvdVendor Advisory
- secunia.com/advisories/31838nvdVendor Advisory
- secunia.com/advisories/31882nvdVendor Advisory
- secunia.com/advisories/32756nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0848.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0863.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2008/2438nvdVendor Advisory
- www.vupen.com/english/advisories/2008/2584nvdVendor Advisory
- www.vupen.com/english/advisories/2008/2776nvdVendor Advisory
- www.vupen.com/english/advisories/2008/2971nvdVendor Advisory
- www.vupen.com/english/advisories/2008/3107nvdVendor Advisory
- www.vupen.com/english/advisories/2009/2143nvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA08-260A.htmlnvdUS Government Resource
- bugs.gentoo.org/show_bug.cginvd
- lists.apple.com/archives/security-announce//2008/Nov/msg00001.htmlnvd
- lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlnvd
- lists.apple.com/archives/security-announce/2008/Nov/msg00002.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.htmlnvd
- secunia.com/advisories/31982nvd
- secunia.com/advisories/32706nvd
- security-tracker.debian.net/tracker/CVE-2008-2327nvd
- security-tracker.debian.net/tracker/DSA-1632-1nvd
- security-tracker.debian.net/tracker/DTSA-160-1nvd
- security.gentoo.org/glsa/glsa-200809-07.xmlnvd
- sunsolve.sun.com/search/document.donvd
- support.apple.com/kb/HT3276nvd
- support.apple.com/kb/HT3298nvd
- support.apple.com/kb/HT3318nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2008-0847.htmlnvd
- www.securityfocus.com/archive/1/496033/100/0/threadednvd
- www.securityfocus.com/archive/1/497962/100/0/threadednvd
- www.securityfocus.com/bid/30832nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-639-1nvd
- www.vmware.com/security/advisories/VMSA-2008-0017.htmlnvd
- www.vupen.com/english/advisories/2008/3232nvd
- bugzilla.redhat.com/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514nvd
- www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.htmlnvd
News mentions
0No linked articles in our index yet.