cbcvebase.
CVE-2008-2327
published 2008-08-27

Priority: P335, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.13% (89.6th percentile)

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

Affected

20 ranges
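| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.8.2-12 (bookworm) | tiff 3.8.2-12 (bookworm) |
| debian | tiff | < tiff 3.8.2-11 (bookworm) | tiff 3.8.2-11 (bookworm) |
| libtiff | libtiff | <= 3.8.2 | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| libtiff | libtiff | | |
| vmware | esxi | | |
| vmware | vmware_workstation | | |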

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM
vendor_debian: 6.8 MEDIUM
vendor_redhat: 6.8 MEDIUM