CVE-2011-3170

2011-08-19T17:55:00
ID CVE-2011-3170
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:30:00

Description

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.