CVE-2008-2327 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-2327 Interim 1 17 2025-11-05T06:14:31Z current 2021-05-30T12:42:43Z 2025-11-05T06:14:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-2327 Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2C5WNTYWAC6OAKJJPA5EXSNETFH4M536/#2C5WNTYWAC6OAKJJPA5EXSNETFH4M536 E-Mail link for SUSE-SR:2008:018 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 openSUSE Tumbleweed libtiff-devel-3.8.2-141.154.1 libtiff-devel-32bit-3.8.2-141.154.1 libtiff-devel-32bit-4.3.0-1.3 libtiff-devel-4.3.0-1.3 libtiff-devel-4.7.0-160000.2.2 libtiff3-3.8.2-141.142.1 libtiff3-3.8.2-141.152.1 libtiff3-3.8.2-141.154.1 libtiff3-3.8.2-141.8.1 libtiff3-32bit-3.8.2-141.142.1 libtiff3-32bit-3.8.2-141.152.1 libtiff3-32bit-3.8.2-141.154.1 libtiff3-32bit-3.8.2-141.8.1 libtiff3-x86-3.8.2-141.142.1 libtiff3-x86-3.8.2-141.152.1 libtiff3-x86-3.8.2-141.154.1 libtiff3-x86-3.8.2-141.8.1 libtiff5-32bit-4.3.0-1.3 libtiff5-4.3.0-1.3 libtiff6-4.6.0-3.3 libtiff6-4.6.0-slfo.1.1_1.3 libtiff6-4.7.0-160000.2.2 tiff-3.8.2-141.142.1 tiff-3.8.2-141.152.1 tiff-3.8.2-141.154.1 tiff-3.8.2-141.8.1 tiff-4.3.0-1.3 tiff-4.7.0-160000.2.2 libtiff3-3.8.2-141.8.1 as a component of SUSE Linux Enterprise Server 11 SP1 libtiff3-32bit-3.8.2-141.8.1 as a component of SUSE Linux Enterprise Server 11 SP1 libtiff3-x86-3.8.2-141.8.1 as a component of SUSE Linux Enterprise Server 11 SP1 tiff-3.8.2-141.8.1 as a component of SUSE Linux Enterprise Server 11 SP1 libtiff3-3.8.2-141.142.1 as a component of SUSE Linux Enterprise Server 11 SP2 libtiff3-32bit-3.8.2-141.142.1 as a component of SUSE Linux Enterprise Server 11 SP2 libtiff3-x86-3.8.2-141.142.1 as a component of SUSE Linux Enterprise Server 11 SP2 tiff-3.8.2-141.142.1 as a component of SUSE Linux Enterprise Server 11 SP2 libtiff3-3.8.2-141.152.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtiff3-32bit-3.8.2-141.152.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtiff3-x86-3.8.2-141.152.1 as a component of SUSE Linux Enterprise Server 11 SP3 tiff-3.8.2-141.152.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtiff3-3.8.2-141.154.1 as a component of SUSE Linux Enterprise Server 11 SP4 libtiff3-32bit-3.8.2-141.154.1 as a component of SUSE Linux Enterprise Server 11 SP4 libtiff3-x86-3.8.2-141.154.1 as a component of SUSE Linux Enterprise Server 11 SP4 tiff-3.8.2-141.154.1 as a component of SUSE Linux Enterprise Server 11 SP4 libtiff-devel-4.7.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libtiff6-4.7.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 tiff-4.7.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 libtiff-devel-3.8.2-141.154.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libtiff-devel-32bit-3.8.2-141.154.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libtiff6-4.6.0-3.3 as a component of SUSE Linux Micro 6.0 libtiff6-4.6.0-slfo.1.1_1.3 as a component of SUSE Linux Micro 6.1 libtiff-devel-4.3.0-1.3 as a component of openSUSE Tumbleweed libtiff-devel-32bit-4.3.0-1.3 as a component of openSUSE Tumbleweed libtiff5-4.3.0-1.3 as a component of openSUSE Tumbleweed libtiff5-32bit-4.3.0-1.3 as a component of openSUSE Tumbleweed tiff-4.3.0-1.3 as a component of openSUSE Tumbleweed Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. CVE-2008-2327 SUSE Linux Enterprise Server 11 SP1:libtiff3-3.8.2-141.8.1 SUSE Linux Enterprise Server 11 SP1:libtiff3-32bit-3.8.2-141.8.1 SUSE Linux Enterprise Server 11 SP1:libtiff3-x86-3.8.2-141.8.1 SUSE Linux Enterprise Server 11 SP1:tiff-3.8.2-141.8.1 SUSE Linux Enterprise Server 11 SP2:libtiff3-3.8.2-141.142.1 SUSE Linux Enterprise Server 11 SP2:libtiff3-32bit-3.8.2-141.142.1 SUSE Linux Enterprise Server 11 SP2:libtiff3-x86-3.8.2-141.142.1 SUSE Linux Enterprise Server 11 SP2:tiff-3.8.2-141.142.1 SUSE Linux Enterprise Server 11 SP3:libtiff3-3.8.2-141.152.1 SUSE Linux Enterprise Server 11 SP3:libtiff3-32bit-3.8.2-141.152.1 SUSE Linux Enterprise Server 11 SP3:libtiff3-x86-3.8.2-141.152.1 SUSE Linux Enterprise Server 11 SP3:tiff-3.8.2-141.152.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.154.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.154.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.154.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.154.1 SUSE Linux Enterprise Server 16.0:libtiff-devel-4.7.0-160000.2.2 SUSE Linux Enterprise Server 16.0:libtiff6-4.7.0-160000.2.2 SUSE Linux Enterprise Server 16.0:tiff-4.7.0-160000.2.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.154.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.154.1 SUSE Linux Micro 6.0:libtiff6-4.6.0-3.3 SUSE Linux Micro 6.1:libtiff6-4.6.0-slfo.1.1_1.3 openSUSE Tumbleweed:libtiff-devel-4.3.0-1.3 openSUSE Tumbleweed:libtiff-devel-32bit-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-4.3.0-1.3 openSUSE Tumbleweed:libtiff5-32bit-4.3.0-1.3 openSUSE Tumbleweed:tiff-4.3.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P