CVE-2008-2327 — tiff - buffer underflow

Description

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

How to fix CVE-2008-2327

To remediate CVE-2008-2327, upgrade the affected package to a fixed version below.

Debian/tiff—upgrade to 3.8.2-11 or later
Debian/tiff—upgrade to 3.8.2-7+etch1 or later
—upgrade to 3.8.2-10+lenny1 or later

Is CVE-2008-2327 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 3.8.2-11
from 0, < 3.8.2-7+etch1
from 0, < 3.8.2-10+lenny1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-2327