CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
81.9%
CentOS Errata and Security Advisory CESA-2008:0863-01
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.
Multiple uses of uninitialized values were discovered in libtiffβs
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.
All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-August/077381.html
Affected packages:
libtiff
libtiff-devel
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | libtiff | <Β 3.5.7-31.el2 | libtiff-3.5.7-31.el2.i386.rpm |
CentOS | 2 | i386 | libtiff-devel | <Β 3.5.7-31.el2 | libtiff-devel-3.5.7-31.el2.i386.rpm |