Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3922
HistoryAug 27, 2008 - 12:00 a.m.

LibTIFF 'tif_lzw.c'远程整数下溢漏洞

2008-08-2700:00:00
Root
www.seebug.org
11

0.006 Low

EPSS

Percentile

77.0%

JSON

BUGTRAQ ID:30832
CVE ID:CVE-2008-2327
CNCVE ID:CNCVE-20082327

LibTiff是一款负责对TIFF图象格式进行编码/解码的应用库。
LibTIFF 'tif_lzw.c’存在整数下溢问题,远程攻击者可以利用漏洞以链接此库的应用程序权限执行任意指令。
libtiff/tif_lzw.c代码中的"LZWDecode()"和"LZWDecodeCompat()"函数存在错误,通过构建特殊的TIFF文件,诱使用户访问,可触发缓冲区下溢,导致以链接此库的应用程序权限执行任意指令。

LibTIFF LibTIFF 3.8.2

  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    LibTIFF LibTIFF 3.7.2
  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    Debian Linux 4.0 sparc
    Debian Linux 4.0 s/390
    Debian Linux 4.0 powerpc
    Debian Linux 4.0 mipsel
    Debian Linux 4.0 mips
    Debian Linux 4.0 m68k
    Debian Linux 4.0 ia-64
    Debian Linux 4.0 ia-32
    Debian Linux 4.0 hppa
    Debian Linux 4.0 arm
    Debian Linux 4.0 amd64
    Debian Linux 4.0 alpha
    Debian Linux 4.0

Debian Linux操作系统可参考如下升级程序:
Debian Linux 4.0 amd64
Debian libtiff-opengl_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_amd64.deb
Debian libtiff-tools_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_amd64.deb
Debian libtiff4-dev_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_amd64.deb
Debian libtiff4_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_amd64.deb
Debian libtiffxx0c2_3.8.2-7+etch1_amd64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_amd64.deb
Debian Linux 4.0 mipsel
Debian libtiff-opengl_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_mipsel.deb
Debian libtiff-tools_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_mipsel.deb
Debian libtiff4-dev_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_mipsel.deb
Debian libtiff4_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_mipsel.deb
Debian libtiffxx0c2_3.8.2-7+etch1_mipsel.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_mipsel.deb
Debian Linux 4.0 ia-32
Debian libtiff-opengl_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_i386.deb
Debian libtiff-tools_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_i386.deb
Debian libtiff4-dev_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_i386.deb
Debian libtiff4_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_i386.deb
Debian libtiffxx0c2_3.8.2-7+etch1_i386.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_i386.deb
Debian Linux 4.0 hppa
Debian libtiff-opengl_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_hppa.deb
Debian libtiff-tools_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_hppa.deb
Debian libtiff4-dev_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_hppa.deb
Debian libtiff4_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_hppa.deb
Debian libtiffxx0c2_3.8.2-7+etch1_hppa.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_hppa.deb
Debian Linux 4.0 sparc
Debian libtiff-opengl_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_sparc.deb
Debian libtiff-tools_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_sparc.deb
Debian libtiff4-dev_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_sparc.deb
Debian libtiff4_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_sparc.deb
Debian libtiffxx0c2_3.8.2-7+etch1_sparc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_sparc.deb
Debian Linux 4.0 s/390
Debian libtiff-opengl_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_s390.deb
Debian libtiff-tools_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_s390.deb
Debian libtiff4-dev_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_s390.deb
Debian libtiff4_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_s390.deb
Debian libtiffxx0c2_3.8.2-7+etch1_s390.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_s390.deb
Debian Linux 4.0 powerpc
Debian libtiff-opengl_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_powerpc.deb
Debian libtiff-tools_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_powerpc.deb
Debian libtiff4-dev_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_powerpc.deb
Debian libtiff4_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_powerpc.deb
Debian libtiffxx0c2_3.8.2-7+etch1_powerpc.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_powerpc.deb
Debian Linux 4.0 alpha
Debian libtiff-opengl_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_alpha.deb
Debian libtiff-tools_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_alpha.deb
Debian libtiff4-dev_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_alpha.deb
Debian libtiff4_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_alpha.deb
Debian libtiffxx0c2_3.8.2-7+etch1_alpha.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_alpha.deb
Debian Linux 4.0 ia-64
Debian libtiff-opengl_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_ia64.deb
Debian libtiff-tools_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_ia64.deb
Debian libtiff4-dev_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_ia64.deb
Debian libtiff4_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_ia64.deb
Debian libtiffxx0c2_3.8.2-7+etch1_ia64.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_ia64.deb
Debian Linux 4.0 mips
Debian libtiff-opengl_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8</a> .2-7+etch1_mips.deb
Debian libtiff-tools_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.</a> 2-7+etch1_mips.deb
Debian libtiff4-dev_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2</a> -7+etch1_mips.deb
Debian libtiff4_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+e</a> tch1_mips.deb
Debian libtiffxx0c2_3.8.2-7+etch1_mips.deb
<a href=“http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2” target=“_blank”>http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2</a> -7+etch1_mips.deb

Related

openvas 46
nessus 29
fedora 3
ubuntucve 2
ubuntu 1
securityvulns 2
altlinux 2
gentoo 1
prion 2
redhat 3
oraclelinux 3
cve 2
centos 4
debiancve 2
debian 1
veracode 1
vmware 2
openvas
openvas
RedHat Update for libtiff RHSA-2008:0847-01
2009-03-06 00:00:00
Ubuntu Update for tiff vulnerability USN-639-1
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-639-1)
2009-03-23 00:00:00
nessus
nessus
Oracle Linux 3 : libtiff (ELSA-2008-0863)
2013-07-12 00:00:00
GLSA-200809-07 : libTIFF: User-assisted execution of arbitrary code
2008-09-09 00:00:00
openSUSE Security Update : libtiff (libtiff-162)
2009-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: libtiff-3.8.2-11.fc9
2008-09-10 06:37:24
[SECURITY] Fedora 8 Update: libtiff-3.8.2-11.fc8
2008-09-10 06:39:57
[SECURITY] Fedora 9 Update: libtiff-3.8.2-13.fc9
2009-07-03 19:41:40
ubuntucve
ubuntucve
CVE-2008-2327
2008-08-27 00:00:00
CVE-2009-2285
2009-07-01 00:00:00
ubuntu
ubuntu
tiff vulnerability
2008-09-02 00:00:00
securityvulns
securityvulns
[ MDVSA-2008:184 ] libtiff
2008-09-04 00:00:00
libtiff memory corruption
2008-09-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 3.8.2-alt2
2008-08-31 00:00:00
Security fix for the ALT Linux 5 package libtiff version 3.8.2-alt2
2008-08-31 00:00:00
gentoo
gentoo
libTIFF: User-assisted execution of arbitrary code
2008-09-08 00:00:00
prion
prion
Buffer overflow
2008-08-27 20:41:00
Buffer overflow
2009-07-01 13:00:00
redhat
redhat
(RHSA-2008:0847) Important: libtiff security and bug fix update
2008-08-28 00:00:00
(RHSA-2008:0863) Important: libtiff security update
2008-08-28 00:00:00
(RHSA-2008:0848) Important: libtiff security and bug fix update
2008-08-28 00:00:00
oraclelinux
oraclelinux
libtiff security update
2008-08-28 00:00:00
libtiff security and bug fix update
2008-08-28 00:00:00
libtiff security and bug fix update
2008-08-28 00:00:00
cve
cve
CVE-2008-2327
2008-08-27 20:41:00
CVE-2009-2285
2009-07-01 13:00:00
centos
centos
libtiff security update
2008-08-29 00:41:41
libtiff security update
2008-08-29 21:30:43
libtiff security update
2008-10-03 18:34:01
debiancve
debiancve
CVE-2008-2327
2008-08-27 20:41:00
CVE-2009-2285
2009-07-01 13:00:00
debian
debian
[SECURITY] [DSA 1632-1] New tiff packages fix arbitrary code execution
2008-08-26 16:22:23
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:34:39
vmware
vmware
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00

0.006 Low

EPSS

Percentile

77.0%

JSON
Related for SSV:3922
openvas46nessus29fedora3ubuntucve2ubuntu1securityvulns2altlinux2gentoo1prion2redhat3oraclelinux3cve2centos4debiancve2debian1veracode1vmware2