CVE-2009-2285

Published: 1 July 2009

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

Priority

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	upstream	Needs triage
	dapper	Released (3.7.4-1ubuntu3.4)
	hardy	Released (3.8.2-7ubuntu3.2)
	intrepid	Released (3.8.2-11ubuntu0.8.10.1)
	jaunty	Released (3.8.2-11ubuntu0.9.04.1)
	Patches: upstream: http://bugzilla.maptools.org/attachment.cgi?id=279

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
https://ubuntu.com/security/notices/USN-797-1
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
http://www.lan.st/showthread.php?t=1856&page=3
http://bugzilla.maptools.org/show_bug.cgi?id=2065
http://bugzilla.maptools.org/show_bug.cgi?id=1985
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534137

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›