Lucene search

K
cve[email protected]CVE-2011-3170
HistoryAug 19, 2011 - 5:55 p.m.

CVE-2011-3170

2011-08-1917:55:00
CWE-119
web.nvd.nist.gov
54
cups
buffer overflow
remote attack
cve-2011-3170
nvd

7.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.534 Medium

EPSS

Percentile

97.6%

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

7.3 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.534 Medium

EPSS

Percentile

97.6%

Related for CVE-2011-3170