Lucene search

[email protected]CVE-2011-2896

HistoryAug 19, 2011 - 5:55 p.m.

CVE-2011-2896

2011-08-1917:55:00

CWE-787

[email protected]

web.nvd.nist.gov

lzw decompressor

gif decoder

remote attackers

infinite loop

buffer overflow

cve-2011-2896

8 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%

JSON

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.

CPENameOperatorVersion
swi-prolog:swi-prologswi-prologle5.10.4
apple:cupsapple cupsle1.4.6
gimp:gimpgimple2.6.11

CPE	Name	Operator	Version
swi-prolog:swi-prolog	swi-prolog	le	5.10.4
apple:cups	apple cups	le	1.4.6
gimp:gimp	gimp	le	2.6.11

References

cups.org/str.php?L3867

git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc

lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html

lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html

rhn.redhat.com/errata/RHSA-2012-1180.html

rhn.redhat.com/errata/RHSA-2012-1181.html

secunia.com/advisories/45621

secunia.com/advisories/45900

secunia.com/advisories/45945

secunia.com/advisories/45948

secunia.com/advisories/46024

secunia.com/advisories/48236

secunia.com/advisories/48308

secunia.com/advisories/50737

security.gentoo.org/glsa/glsa-201209-23.xml

www.debian.org/security/2011/dsa-2354

www.debian.org/security/2012/dsa-2426

www.mandriva.com/security/advisories?name=MDVSA-2011:146

www.mandriva.com/security/advisories?name=MDVSA-2011:167

www.openwall.com/lists/oss-security/2011/08/10/10

www.redhat.com/support/errata/RHSA-2011-1635.html

www.securityfocus.com/bid/49148

www.securitytracker.com/id?1025929

www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4

www.ubuntu.com/usn/USN-1207-1

www.ubuntu.com/usn/USN-1214-1

bugzilla.redhat.com/show_bug.cgi?id=727800

bugzilla.redhat.com/show_bug.cgi?id=730338

8 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2011-2896

openvas75 nessus64 prion4 cve3 debiancve4 ubuntucve4 fedora7 redhat9 securityvulns4 ubuntu2 veracode3 oraclelinux7 debian2 centos6 suse2 freebsd2 gentoo1