LibTIFF LZW Decoder Buffer Underflow Vulnerability

Report ID: SA31610
Source: Secunia
Date of Discovery: 26.08.2008
Criticality: Moderate
Affects: LibTIFF 3.x

Compromise From: From remote
Compromise Type: System access, DoS

Summary

A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

Detailed Description

The vulnerability is caused by errors in the "LZWDecode()" and "LZWDecodeCompat()" functions in libtiff/tif_lzw.c, which can be exploited to cause a buffer underflow via a specially crafted TIFF file.

The vulnerability is reported in version 3.8.2. Other versions may also be affected.

Solution

Do not process untrusted TIFF files using LibTIFF.

CVE Reference

CVE-2008-2327