CVE-2011-2895

2011-08-1100:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.9%

JSON

The LZW decompressor in (1) the BufCompressedFill function in
fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)
compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8,
FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1,
FreeType 2.1.9, and other products, does not properly handle code words
that are absent from the decompression table when encountered, which allows
context-dependent attackers to trigger an infinite loop or a heap-based
buffer overflow, and possibly execute arbitrary code, via a crafted
compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2895>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlibxfont< 1:1.4.1-1ubuntu0.1UNKNOWN
ubuntu10.10noarchlibxfont< 1:1.4.2-1ubuntu0.1UNKNOWN
ubuntu11.04noarchlibxfont< 1:1.4.3-2ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	libxfont	< 1:1.4.1-1ubuntu0.1	UNKNOWN
ubuntu	10.10	noarch	libxfont	< 1:1.4.2-1ubuntu0.1	UNKNOWN
ubuntu	11.04	noarch	libxfont	< 1:1.4.3-2ubuntu0.1	UNKNOWN