CVE-2009-2285
tiff - several vulnerabilities
EPSS 16.8%
Description
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
How to fix CVE-2009-2285
To remediate CVE-2009-2285, upgrade the affected package to one of the fixed versions listed below.
- Debian/tiff—upgrade to 3.8.2-12 or later
- Debian/tiff—upgrade to 3.8.2-7+etch3 or later
Is CVE-2009-2285 being exploited?
Moderate: EPSS is 16.8%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/tiff: from 0, < 3.8.2-12
- Debian/tiff: from 0, < 3.8.2-7+etch3