CVE-2008-2327 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Vendor	Product	Version
libtiff	libtiff	𝑥 ≤ 3.8.2
libtiff	libtiff	3.4
libtiff	libtiff	3.5.1
libtiff	libtiff	3.5.2
libtiff	libtiff	3.5.3
libtiff	libtiff	3.5.4
libtiff	libtiff	3.5.5
libtiff	libtiff	3.5.6
libtiff	libtiff	3.5.7
libtiff	libtiff	3.6.0
libtiff	libtiff	3.6.1
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.1
libtiff	libtiff	3.8.0
libtiff	libtiff	3.8.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tiff

bullseye (security)	4.2.0-1+deb11u5 fixed
bullseye	4.2.0-1+deb11u5 fixed
bookworm	4.5.0-6+deb12u1 fixed
bookworm (security)	4.5.0-6+deb12u1 fixed
sid	4.5.1+git230720-5 fixed
trixie	4.5.1+git230720-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

tiff

hardy	Fixed 3.8.2-7ubuntu3.1 released
gutsy	Fixed 3.8.2-7ubuntu2.1 released
feisty	Fixed 3.8.2-6ubuntu1 released
dapper	Fixed 3.7.4-1ubuntu3.3 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://bugs.gentoo.org/show_bug.cgi?id=234080

http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://secunia.com/advisories/31610

http://secunia.com/advisories/31623

http://secunia.com/advisories/31668

http://secunia.com/advisories/31670

http://secunia.com/advisories/31698

http://secunia.com/advisories/31838

http://secunia.com/advisories/31882

http://secunia.com/advisories/31982

http://secunia.com/advisories/32706

http://secunia.com/advisories/32756

http://security-tracker.debian.net/tracker/CVE-2008-2327

http://security-tracker.debian.net/tracker/DSA-1632-1

http://security-tracker.debian.net/tracker/DTSA-160-1

http://security.gentoo.org/glsa/glsa-200809-07.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1

http://support.apple.com/kb/HT3276

http://support.apple.com/kb/HT3298

http://support.apple.com/kb/HT3318

http://www.debian.org/security/2008/dsa-1632

http://www.mandriva.com/security/advisories?name=MDVSA-2008:184

http://www.redhat.com/support/errata/RHSA-2008-0847.html

http://www.redhat.com/support/errata/RHSA-2008-0848.html

http://www.redhat.com/support/errata/RHSA-2008-0863.html

http://www.securityfocus.com/archive/1/496033/100/0/threaded

http://www.securityfocus.com/archive/1/497962/100/0/threaded

http://www.securityfocus.com/bid/30832

http://www.securitytracker.com/id?1020750

http://www.ubuntu.com/usn/usn-639-1

http://www.us-cert.gov/cas/techalerts/TA08-260A.html

http://www.vmware.com/security/advisories/VMSA-2008-0017.html

http://www.vupen.com/english/advisories/2008/2438

http://www.vupen.com/english/advisories/2008/2584

http://www.vupen.com/english/advisories/2008/2776

http://www.vupen.com/english/advisories/2008/2971

http://www.vupen.com/english/advisories/2008/3107

http://www.vupen.com/english/advisories/2008/3232

http://www.vupen.com/english/advisories/2009/2143

https://bugzilla.redhat.com/show_bug.cgi?id=458674

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html

http://bugs.gentoo.org/show_bug.cgi?id=234080

http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://secunia.com/advisories/31610

http://secunia.com/advisories/31623

http://secunia.com/advisories/31668

http://secunia.com/advisories/31670

http://secunia.com/advisories/31698

http://secunia.com/advisories/31838

http://secunia.com/advisories/31882

http://secunia.com/advisories/31982

http://secunia.com/advisories/32706

http://secunia.com/advisories/32756

http://security-tracker.debian.net/tracker/CVE-2008-2327

http://security-tracker.debian.net/tracker/DSA-1632-1

http://security-tracker.debian.net/tracker/DTSA-160-1

http://security.gentoo.org/glsa/glsa-200809-07.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1

http://support.apple.com/kb/HT3276

http://support.apple.com/kb/HT3298

http://support.apple.com/kb/HT3318

http://www.debian.org/security/2008/dsa-1632

http://www.mandriva.com/security/advisories?name=MDVSA-2008:184

http://www.redhat.com/support/errata/RHSA-2008-0847.html

http://www.redhat.com/support/errata/RHSA-2008-0848.html

http://www.redhat.com/support/errata/RHSA-2008-0863.html

http://www.securityfocus.com/archive/1/496033/100/0/threaded

http://www.securityfocus.com/archive/1/497962/100/0/threaded

http://www.securityfocus.com/bid/30832

http://www.securitytracker.com/id?1020750

http://www.ubuntu.com/usn/usn-639-1

http://www.us-cert.gov/cas/techalerts/TA08-260A.html

http://www.vmware.com/security/advisories/VMSA-2008-0017.html

http://www.vupen.com/english/advisories/2008/2438

http://www.vupen.com/english/advisories/2008/2584

http://www.vupen.com/english/advisories/2008/2776

http://www.vupen.com/english/advisories/2008/2971

http://www.vupen.com/english/advisories/2008/3107

http://www.vupen.com/english/advisories/2008/3232

http://www.vupen.com/english/advisories/2009/2143

https://bugzilla.redhat.com/show_bug.cgi?id=458674

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html