Lucene search

K

PRIOn knowledge basePRION:CVE-2011-3170

HistoryAug 19, 2011 - 5:55 p.m.

Heap overflow

2011-08-1917:55:00

PRIOn knowledge base

www.prio-n.com

7

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.534 Medium

EPSS

Percentile

97.5%

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

CPENameOperatorVersion
cupseq1.1.20
cupseq1.4 b1
cupseq1.1.5-2
cupseq1.3.9
cupseq1.1.14
cupseq1.3 rc2
cupseq1.1.6-1
cupseq1.1.18
cupseq1.1.12
cupseq1.3.11

Rows per page:

1-10 of 931

References

cups.org/str.php?L3914

secunia.com/advisories/45796

secunia.com/advisories/46024

security.gentoo.org/glsa/glsa-201207-10.xml

www.debian.org/security/2011/dsa-2354

www.mandriva.com/security/advisories?name=MDVSA-2011:146

www.mandriva.com/security/advisories?name=MDVSA-2011:147

www.securityfocus.com/bid/49323

www.securitytracker.com/id?1025980

www.ubuntu.com/usn/USN-1207-1

bugzilla.redhat.com/show_bug.cgi?id=727800

exchange.xforce.ibmcloud.com/vulnerabilities/69380

7.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.534 Medium

EPSS

Percentile

97.5%

Related for PRION:CVE-2011-3170

openvas57 debiancve3 nessus42 cve3 ubuntu2 ubuntucve3 debian2 checkpoint_advisories1 fedora9 redhat4 veracode1 securityvulns2 oraclelinux4 centos2 prion2 osv1 gentoo2