CVE-2008-2327

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 3.8.2 libtiff-devel versions prior to 3.8.2

Description The issue is related to multiple buffer underflows in the LZW decoder functions, specifically in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif lzw.c, allowing context-dependent attackers to execute arbitrary code via a crafted TIFF file. This is due to improper handling of the CODE CLEAR code. The exploitation of these vulnerabilities can lead to a disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations For libtiff versions prior to 3.8.2, update to version 3.8.2 or later to resolve the issue. For libtiff-devel versions prior to 3.8.2, update to version 3.8.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LZW decoder functions until a patch is available.