CVE-2009-2285

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

🔗 References (82)

• cve@mitrehttp://bugzilla.maptools.org/show_bug.cgi?id=2065
• cve@mitrehttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
• cve@mitrehttp://secunia.com/advisories/35695
• cve@mitrehttp://secunia.com/advisories/35716
• cve@mitrehttp://secunia.com/advisories/35866
• cve@mitrehttp://secunia.com/advisories/35883
• cve@mitrehttp://secunia.com/advisories/35912
• cve@mitrehttp://secunia.com/advisories/36194
• cve@mitrehttp://secunia.com/advisories/36831
• cve@mitrehttp://secunia.com/advisories/38241
• cve@mitrehttp://secunia.com/advisories/39135