• 공개일 : 2009-07-01
• 변경일 : 2010-04-02
• 위험도 : 중간
• 공격 범위 : 인터넷, 사용자가 공격자에게 접근해야 공격 가능
• 피해 유형 : 기밀 유출

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

• SECUNIA, 35695
• APPLE, APPLE-SA-2010-03-11-1
• CONFIRM, http://bugzilla.maptools.org/show_bug.cgi?id=2065
• APPLE, APPLE-SA-2010-03-30-2
• APPLE, APPLE-SA-2009-11-09-1
• APPLE, APPLE-SA-2010-02-02-1
• APPLE, APPLE-SA-2010-01-19-1
• SECUNIA, 35883
• SECUNIA, 35912
• SECUNIA, 38241
• SECUNIA, 36831
• SECUNIA, 36194
• SECUNIA, 39135
• SECUNIA, 35866
• SECUNIA, 35716
• GENTOO, GLSA-200908-03
• CONFIRM, http://support.apple.com/kb/HT4070
• SUNALERT, 267808
• DEBIAN, DSA-1835
• CONFIRM, http://support.apple.com/kb/HT4004
• CONFIRM, http://support.apple.com/kb/HT3937
• MLIST, [oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat
• MLIST, [oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat
• MISC, http://www.lan.st/showthread.php?t=1856&page=3
• FEDORA, FEDORA-2009-7763
• CONFIRM, http://support.apple.com/kb/HT4013
• UBUNTU, USN-797-1
• REDHAT, RHSA-2009:1159
• MLIST, [oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer..
• VUPEN, ADV-2009-2727
• VUPEN, ADV-2009-3184
• FEDORA, FEDORA-2009-7417
• FEDORA, FEDORA-2009-7358
• FEDORA, FEDORA-2009-7335
• VUPEN, ADV-2009-1637
• CONFIRM, https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
• VUPEN, ADV-2010-0173
• FEDORA, FEDORA-2009-7717

• LibTIFF LibTIFF 3.8.2