BUGTRAQ ID:30832
CVE ID:CVE-2008-2327
CNCVE ID:CNCVE-20082327
LibTiff是一款负责对TIFF图象格式进行编码/解码的应用库。
LibTIFF 'tif_lzw.c’存在整数下溢问题,远程攻击者可以利用漏洞以链接此库的应用程序权限执行任意指令。
libtiff/tif_lzw.c代码中的"LZWDecode()"和"LZWDecodeCompat()"函数存在错误,通过构建特殊的TIFF文件,诱使用户访问,可触发缓冲区下溢,导致以链接此库的应用程序权限执行任意指令。
LibTIFF LibTIFF 3.8.2
Debian Linux操作系统可参考如下升级程序:
Debian Linux 4.0 amd64
Debian libtiff-opengl_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_amd64.deb
Debian libtiff-tools_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_amd64.deb
Debian libtiff4-dev_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_amd64.deb
Debian libtiff4_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_amd64.deb
Debian libtiffxx0c2_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_amd64.deb
Debian Linux 4.0 mipsel
Debian libtiff-opengl_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_mipsel.deb
Debian libtiff-tools_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_mipsel.deb
Debian libtiff4-dev_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_mipsel.deb
Debian libtiff4_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_mipsel.deb
Debian libtiffxx0c2_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_mipsel.deb
Debian Linux 4.0 ia-32
Debian libtiff-opengl_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_i386.deb
Debian libtiff-tools_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_i386.deb
Debian libtiff4-dev_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_i386.deb
Debian libtiff4_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_i386.deb
Debian libtiffxx0c2_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_i386.deb
Debian Linux 4.0 hppa
Debian libtiff-opengl_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_hppa.deb
Debian libtiff-tools_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_hppa.deb
Debian libtiff4-dev_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_hppa.deb
Debian libtiff4_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_hppa.deb
Debian libtiffxx0c2_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_hppa.deb
Debian Linux 4.0 sparc
Debian libtiff-opengl_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_sparc.deb
Debian libtiff-tools_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_sparc.deb
Debian libtiff4-dev_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_sparc.deb
Debian libtiff4_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_sparc.deb
Debian libtiffxx0c2_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_sparc.deb
Debian Linux 4.0 s/390
Debian libtiff-opengl_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_s390.deb
Debian libtiff-tools_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_s390.deb
Debian libtiff4-dev_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_s390.deb
Debian libtiff4_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_s390.deb
Debian libtiffxx0c2_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_s390.deb
Debian Linux 4.0 powerpc
Debian libtiff-opengl_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_powerpc.deb
Debian libtiff-tools_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_powerpc.deb
Debian libtiff4-dev_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_powerpc.deb
Debian libtiff4_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_powerpc.deb
Debian libtiffxx0c2_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_powerpc.deb
Debian Linux 4.0 alpha
Debian libtiff-opengl_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_alpha.deb
Debian libtiff-tools_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_alpha.deb
Debian libtiff4-dev_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_alpha.deb
Debian libtiff4_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_alpha.deb
Debian libtiffxx0c2_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_alpha.deb
Debian Linux 4.0 ia-64
Debian libtiff-opengl_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_ia64.deb
Debian libtiff-tools_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_ia64.deb
Debian libtiff4-dev_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_ia64.deb
Debian libtiff4_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_ia64.deb
Debian libtiffxx0c2_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_ia64.deb
Debian Linux 4.0 mips
Debian libtiff-opengl_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_mips.deb
Debian libtiff-tools_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_mips.deb
Debian libtiff4-dev_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_mips.deb
Debian libtiff4_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_mips.deb
Debian libtiffxx0c2_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_mips.deb