CVE-2008-2327

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

🔗 References (94)

• cve@mitrehttp://bugs.gentoo.org/show_bug.cgi?id=234080
• cve@mitrehttp://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
• cve@mitrehttp://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
• cve@mitrehttp://secunia.com/advisories/31610
• cve@mitrehttp://secunia.com/advisories/31623
• cve@mitrehttp://secunia.com/advisories/31668
• cve@mitrehttp://secunia.com/advisories/31670
• cve@mitrehttp://secunia.com/advisories/31698
• cve@mitrehttp://secunia.com/advisories/31838
• cve@mitrehttp://secunia.com/advisories/31882
• cve@mitrehttp://secunia.com/advisories/31982
• cve@mitrehttp://secunia.com/advisories/32706
• cve@mitrehttp://secunia.com/advisories/32756