cbcvebase.
CVE-2009-2285
published 2009-07-01

CVE-2009-2285: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF…

PriorityP425medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
8.00%
94.0th percentile
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

Affected

2 ranges
VendorProductVersion rangeFixed in
debiantiff< tiff 3.8.2-12 (bookworm)tiff 3.8.2-12 (bookworm)
libtifflibtiff

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv6.8MEDIUM
vendor_debian6.8LOW
vendor_redhat6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.