Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2011-2896
HistoryAug 19, 2011 - 12:00 a.m.

CVE-2011-2896

2011-08-1900:00:00
ubuntu.com
ubuntu.com
13

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%

JSON

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David
Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in
filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in
plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte
function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and
other products, does not properly handle code words that are absent from
the decompression table when encountered, which allows remote attackers to
trigger an infinite loop or a heap-based buffer overflow, and possibly
execute arbitrary code, via a crafted compressed stream, a related issue to
CVE-2006-1168 and CVE-2011-2895.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchcups< 1.4.3-1ubuntu1.5UNKNOWN
ubuntu10.10noarchcups< 1.4.4-6ubuntu2.4UNKNOWN
ubuntu11.04noarchcups< 1.4.6-5ubuntu1.4UNKNOWN
ubuntu8.04noarchcupsys< 1.3.7-1ubuntu3.13UNKNOWN
ubuntu10.04noarchgimp< 2.6.8-2ubuntu1.4UNKNOWN
ubuntu10.10noarchgimp< 2.6.10-1ubuntu3.4UNKNOWN
ubuntu11.04noarchgimp< 2.6.11-1ubuntu6.2UNKNOWN
ubuntu11.10noarchgimp< 2.6.11-2ubuntu4UNKNOWN
ubuntu18.04noarchswi-prolog< anyUNKNOWN
ubuntu20.04noarchswi-prolog< anyUNKNOWN
Rows per page:
1-10 of 131

Related

openvas 74
ubuntucve 3
debiancve 3
nessus 64
cve 3
prion 3
oraclelinux 8
veracode 3
debian 3
redhat 9
suse 3
freebsd 2
securityvulns 5
fedora 6
centos 5
gentoo 1
ubuntu 2
freebsd_advisory 1
amazon 1
openvas
openvas
FreeBSD Ports: libXfont
2011-09-21 00:00:00
FreeBSD Ports: libXfont
2011-09-21 00:00:00
Mandriva Update for gimp MDVSA-2011:167 (gimp)
2011-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2011-2895
2011-08-11 00:00:00
CVE-2006-1168
2006-08-14 00:00:00
CVE-2011-3170
2011-08-19 00:00:00
debiancve
debiancve
CVE-2011-2895
2011-08-19 17:55:00
CVE-2011-2896
2011-08-19 17:55:00
CVE-2006-1168
2006-08-14 20:04:00
nessus
nessus
Mandriva Linux Security Advisory : libxfont (MDVSA-2011:153)
2011-10-18 00:00:00
Mandriva Linux Security Advisory : gimp (MDVSA-2011:167)
2011-11-07 00:00:00
Oracle Linux 6 : cups (ELSA-2011-1635)
2023-09-07 00:00:00
cve
cve
CVE-2011-2896
2011-08-19 17:55:00
CVE-2011-2895
2011-08-19 17:55:00
CVE-2006-1168
2006-08-14 20:04:00
prion
prion
Heap overflow
2011-08-19 17:55:00
Heap overflow
2011-08-19 17:55:00
Buffer overflow
2006-08-14 20:04:00
oraclelinux
oraclelinux
Low ncompress security update
2006-11-30 00:00:00
freetype security update
2011-08-15 00:00:00
xorg-x11 security update
2011-08-12 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:52:23
Arbitrary Code Execution
2020-04-10 01:01:36
Remote Code Execution (RCE)
2020-04-10 01:07:09
debian
debian
[SECURITY] [DSA 1149-1] New ncompress packages fix potential code execution
2006-08-10 05:33:16
[SECURITY] [DSA 2293-1] libxfont security update
2011-08-12 14:15:28
[SECURITY] [DSA 2354-1] cups security update
2011-11-30 17:39:49
redhat
redhat
(RHSA-2011:1161) Moderate: freetype security update
2011-08-15 00:00:00
(RHSA-2011:1834) Important: libXfont security update
2011-12-19 00:00:00
(RHSA-2011:1635) Low: cups security and bug fix update
2011-12-06 00:00:00
suse
suse
Security update for Xorg X11 (important)
2011-09-13 17:08:18
Security update for Xorg-X11 (important)
2011-12-06 21:08:30
xorg-x11-libs (important)
2011-12-05 18:08:19
freebsd
freebsd
FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)
2011-09-28 00:00:00
libXfont -- possible local privilege escalation
2011-07-26 00:00:00
securityvulns
securityvulns
[ MDKSA-2006:140 ] - Updated ncompress packages fix vulnerability
2006-08-10 00:00:00
[USN-1214-1] GIMP vulnerability
2011-09-26 00:00:00
libXfont memory corruption
2013-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: cups-1.4.8-2.fc15
2011-08-26 19:12:30
[SECURITY] Fedora 14 Update: pl-5.7.11-7.fc14
2011-09-08 07:10:16
[SECURITY] Fedora 15 Update: pl-5.10.2-5.fc15
2011-09-08 07:07:27
centos
centos
libXfont security update
2011-09-02 16:41:15
ncompress security update
2006-09-13 01:52:24
ncompress security update
2006-09-12 19:02:58
gentoo
gentoo
ncompress: Buffer Underflow
2006-10-06 00:00:00
ubuntu
ubuntu
libXfont vulnerability
2011-08-15 00:00:00
GIMP vulnerability
2011-09-22 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-11:04.compress
2011-09-28 00:00:00
amazon
amazon
Low: busybox
2012-07-05 16:23:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%

JSON
Related for UB:CVE-2011-2896
openvas74ubuntucve3debiancve3nessus64cve3prion3oraclelinux8veracode3debian3redhat9suse3freebsd2securityvulns5fedora6centos5gentoo1ubuntu2freebsd_advisory1amazon1