Vulnerability CVE-2008-2327 - CERT Civis.Net

Vulnerability Name:

CVE-2008-2327 (CCN-44667)

Assigned:

2008-08-26

Published:

2008-08-26

Updated:

2018-10-11

Summary:

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=234080

Source: MITRE
Type: CNA
CVE-2008-2327

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-11-13

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-15

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-11-20

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:018

Source: CCN
Type: VMSA-2008-0017
Updated ESX packages for libxml2, ucd-snmp, libtiff

Source: CCN
Type: RHSA-2008-0847
Important: libtiff security and bug fix update

Source: CCN
Type: RHSA-2008-0848
Important: libtiff security and bug fix update

Source: CCN
Type: RHSA-2008-0863
Important: libtiff security update

Source: CCN
Type: SA31610
LibTIFF LZW Decoder Buffer Underflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
31610

Source: SECUNIA
Type: Vendor Advisory
31623

Source: SECUNIA
Type: Vendor Advisory
31668

Source: SECUNIA
Type: Vendor Advisory
31670

Source: SECUNIA
Type: Vendor Advisory
31698

Source: SECUNIA
Type: Vendor Advisory
31838

Source: CCN
Type: SA31882
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31882

Source: SECUNIA
Type: UNKNOWN
31982

Source: CCN
Type: SA32488
VMware ESX Server update for libxml2

Source: CCN
Type: SA32688
Apple iLife / Aperture Image Processing Vulnerabilities

Source: CCN
Type: SA32706
Apple Safari Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32706

Source: CCN
Type: SA32756
Apple iPhone / iPod touch Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
32756

Source: CCN
Type: Debian Security Tracker Web site
CVE-2008-2327: libtiff buffer undeflow

Source: CONFIRM
Type: UNKNOWN
http://security-tracker.debian.net/tracker/CVE-2008-2327

Source: CONFIRM
Type: UNKNOWN
http://security-tracker.debian.net/tracker/DSA-1632-1

Source: CONFIRM
Type: UNKNOWN
http://security-tracker.debian.net/tracker/DTSA-160-1

Source: GENTOO
Type: UNKNOWN
GLSA-200809-07

Source: CCN
Type: SECTRACK ID: 1020750
LibTIFF Buffer Underflow in Decoding LZW Data Lets Remote Users Execute Arbitrary Code

Source: SUNALERT
Type: UNKNOWN
265030

Source: CCN
Type: Apple Web site
About the security content of iLife Support 8.3.1

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3276

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3298

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3318

Source: CCN
Type: ASA-2008-374
libtiff security and bug fix update (RHSA-2008-0848)

Source: CCN
Type: ASA-2008-375
libtiff security update (RHSA-2008-0863)

Source: DEBIAN
Type: Patch
DSA-1632

Source: DEBIAN
Type: DSA-1632
tiff -- buffer underflow

Source: CCN
Type: GLSA-200809-07
libTIFF: User-assisted execution of arbitrary code

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:184

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0847

Source: REDHAT
Type: Vendor Advisory
RHSA-2008:0848

Source: REDHAT
Type: Vendor Advisory
RHSA-2008:0863

Source: CCN
Type: LibTIFF Web page
LibTIFF - TIFF Library and Utilities

Source: BUGTRAQ
Type: UNKNOWN
20080905 rPSA-2008-0268-1 libtiff

Source: BUGTRAQ
Type: UNKNOWN
20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff

Source: BID
Type: UNKNOWN
30832

Source: CCN
Type: BID-30832
LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020750

Source: CCN
Type: USN-639-1
tiff vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-639-1

Source: CERT
Type: US Government Resource
TA08-260A

Source: MISC
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0017.html

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2438

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2584

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2776

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2971

Source: VUPEN
Type: Vendor Advisory
ADV-2008-3107

Source: VUPEN
Type: UNKNOWN
ADV-2008-3232

Source: VUPEN
Type: Vendor Advisory
ADV-2009-2143

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=458674

Source: XF
Type: UNKNOWN
libtiff-lzwdecode-lzwdecodecompat-bo(44667)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11489

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5514

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-7370

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-7388

Source: SUSE
Type: SUSE-SR:2008:018
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:*:*:*:*:*:*:*:* (Version <= 3.8.2)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apple:aperture:2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20082327	V	CVE-2008-2327	2022-06-30
oval:org.opensuse.security:def:42383	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:42178	P	Security update for permissions (Moderate)	2022-01-20
oval:org.opensuse.security:def:112875	P	libtiff-devel-32bit-4.3.0-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:31753	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:31324	P	Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:32219	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31702	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:26156	P	Security update for open-lldp (Moderate)	2021-10-26
oval:org.opensuse.security:def:31291	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:31691	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:32197	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:31690	P	Security update for webkit2gtk3 (Important)	2021-10-06
oval:org.opensuse.security:def:106335	P	libtiff-devel-32bit-4.3.0-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:31683	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:26119	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:26115	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31250	P	Security update for openssl (Important)	2021-08-24
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:31661	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:26097	P	Security update for lasso (Important)	2021-08-02
oval:org.opensuse.security:def:31239	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:32158	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:31238	P	Security update for qemu (Important)	2021-07-29
oval:org.opensuse.security:def:32144	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:36224	P	libtiff3-3.8.2-141.154.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36494	P	libtiff-devel-3.8.2-141.154.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42631	P	libtiff3-3.8.2-141.154.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32109	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26058	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:org.opensuse.security:def:26055	P	Security update for hivex (Moderate)	2021-05-26
oval:org.opensuse.security:def:26053	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:26044	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:26043	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:31159	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:26039	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:32901	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:31605	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:26205	P	Security update for openssl-1_0_0 (Moderate)	2021-03-08
oval:org.opensuse.security:def:31739	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:32263	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:26199	P	Security update for ImageMagick (Moderate)	2021-02-25
oval:org.opensuse.security:def:31692	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:32940	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:25977	P	Security update for openssl-1_1 (Important)	2020-12-10
oval:org.opensuse.security:def:31085	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:35976	P	libtiff3-3.8.2-141.152.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35605	P	libtiff3-3.8.2-141.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35771	P	libtiff3-3.8.2-141.142.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42012	P	libtiff3-3.8.2-141.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32000	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:25157	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25898	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31992	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26975	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25526	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31529	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:32405	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:27457	P	liblcms-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25232	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:31440	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:26000	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32058	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25538	P	Security update for perl (Important)	2020-12-01
oval:org.opensuse.security:def:26403	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:32466	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:25441	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32735	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25730	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:31897	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26491	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:33148	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25582	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:31788	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26735	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25868	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:26549	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26328	P	used on wotan :) (Low)	2020-12-01
oval:org.opensuse.security:def:25786	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31849	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25322	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:31456	P	Security update for postgresql91	2020-12-01
oval:org.opensuse.security:def:27222	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25773	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31776	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26469	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:25874	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32531	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25397	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25785	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26673	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25932	P	Security update for gstreamer-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:31074	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25606	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:31848	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:26258	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:31443	P	Security update for policycoreutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:26761	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26605	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25156	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25747	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:31953	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:26940	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31455	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:32356	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:26819	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25168	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:31383	P	Security update for openvpn (Important)	2020-12-01
oval:org.opensuse.security:def:25951	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:32014	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25527	P	Security update for java-11-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:26350	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:32444	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27492	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25360	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:31527	P	Security update for Ruby	2020-12-01
oval:org.opensuse.security:def:32696	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25602	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31810	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26452	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:32510	P	file-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25498	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25811	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:32053	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26505	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:33187	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26247	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:25733	P	Security update for mgetty (Moderate)	2020-12-01
oval:org.opensuse.security:def:31827	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26770	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25321	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27187	P	libgdiplus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26385	P	Security update for go (Moderate)	2020-12-01
oval:org.opensuse.security:def:25835	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31893	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25333	P	Security update for apache-commons-httpclient (Important)	2020-12-01
oval:org.opensuse.security:def:31548	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25774	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31908	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26620	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32570	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31073	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25525	P	Security update for ruby2.1 (Important)	2020-12-01
oval:org.opensuse.security:def:26244	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:25849	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:32057	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26722	P	kbd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26570	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25663	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31904	P	Security update for foomatic-filters (Moderate)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:31444	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:32300	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26775	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:28973	P	RHSA-2008:0847 -- libtiff security and bug fix update (Important)	2015-08-17
oval:org.mitre.oval:def:17803	P	USN-639-1 -- tiff vulnerability	2014-06-30
oval:org.mitre.oval:def:18179	P	DSA-1632-1 tiff - arbitrary code execution	2014-06-23
oval:org.mitre.oval:def:7619	P	DSA-1632 tiff -- buffer underflow	2014-06-23
oval:org.mitre.oval:def:22496	P	ELSA-2008:0847: libtiff security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:11489	V	Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.	2013-04-29
oval:org.mitre.oval:def:5514	V	LibTIFF Buffer Underflow in Decoding LZW Data Lets Remote Users Execute Arbitrary Code	2010-05-17
oval:com.redhat.rhsa:def:20080847	P	RHSA-2008:0847: libtiff security and bug fix update (Important)	2008-08-28
oval:com.redhat.rhsa:def:20080848	P	RHSA-2008:0848: libtiff security and bug fix update (Important)	2008-08-28
oval:com.redhat.rhsa:def:20080863	P	RHSA-2008:0863: libtiff security update (Important)	2008-08-28
oval:org.debian:def:1632	V	buffer underflow	2008-08-26