Lucene search
Ubuntu.comUB:CVE-2011-3170HistoryAug 19, 2011 - 12:00 a.m.
CVE-2011-3170
2011-08-1900:00:00
ubuntu.com
ubuntu.com
8
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.557 Medium
EPSS
Percentile
97.6%
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier
does not properly handle the first code word in an LZW stream, which allows
remote attackers to trigger a heap-based buffer overflow, and possibly
execute arbitrary code, via a crafted stream, a different vulnerability
than CVE-2011-2896.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | This also affects cups 1.5.x and isn’t fixed in 1.5.0 gimp was fixed correctly with a single commit, so doesn’t have this issue, which is an incomplete fix. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | cups | < 1.4.3-1ubuntu1.5 | UNKNOWN |
| ubuntu | 10.10 | noarch | cups | < 1.4.4-6ubuntu2.4 | UNKNOWN |
| ubuntu | 11.04 | noarch | cups | < 1.4.6-5ubuntu1.4 | UNKNOWN |
| ubuntu | 8.04 | noarch | cupsys | < 1.3.7-1ubuntu3.13 | UNKNOWN |
| ubuntu | 18.04 | noarch | swi-prolog | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | swi-prolog | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | swi-prolog | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | swi-prolog | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | swi-prolog | < any | UNKNOWN |
Related
openvas
openvas
Debian: Security Advisory (DSA-2354-1)
2012-02-11 00:00:00
Debian Security Advisory DSA 2354-1 (cups)
2012-02-11 00:00:00
Ubuntu Update for cups USN-1207-1
2011-09-16 00:00:00
debiancve
debiancve
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : cups, cupsys vulnerabilities (USN-1207-1)
2011-09-15 00:00:00
Debian DSA-2354-1 : cups - several vulnerabilities
2011-12-01 00:00:00
Mandriva Linux Security Advisory : cups (MDVSA-2011:147)
2012-09-06 00:00:00
debian
debian
[SECURITY] [DSA 2354-1] cups security update
2011-11-30 17:39:49
[SECURITY] [DSA 2426-1] gimp security update
2012-03-06 18:46:58
cve
cve
ubuntu
ubuntu
CUPS vulnerabilities
2011-09-14 00:00:00
GIMP vulnerability
2011-09-22 00:00:00
prion
prion
checkpoint_advisories
checkpoint_advisories
Apple CUPS gif_read_lzw Heap Buffer Overflow (CVE-2011-3170)
2011-12-20 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: pl-5.7.11-7.fc14
2011-09-08 07:10:16
[SECURITY] Fedora 15 Update: pl-5.10.2-5.fc15
2011-09-08 07:07:27
[SECURITY] Fedora 15 Update: cups-1.4.8-2.fc15
2011-08-26 19:12:30
redhat
redhat
(RHSA-2011:1635) Low: cups security and bug fix update
2011-12-06 00:00:00
(RHSA-2012:0302) Low: cups security and bug fix update
2012-02-21 00:00:00
(RHSA-2012:1180) Moderate: gimp security update
2012-08-20 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 01:07:09
securityvulns
securityvulns
[USN-1214-1] GIMP vulnerability
2011-09-26 00:00:00
gimp memory corruption
2011-09-26 00:00:00
oraclelinux
oraclelinux
cups security and bug fix update
2012-03-01 00:00:00
cups security and bug fix update
2011-12-14 00:00:00
gimp security update
2012-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2011-2895
2011-08-11 00:00:00
CVE-2011-2896
2011-08-19 00:00:00
centos
centos
gimp security update
2012-08-20 16:23:59
gimp security update
2012-08-20 15:14:54
osv
osv
gimp - several
2012-03-06 00:00:00
gentoo
gentoo
CUPS: Multiple vulnerabilities
2012-07-09 00:00:00
GIMP: Multiple vulnerabilities
2012-09-28 00:00:00
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.557 Medium
EPSS
Percentile
97.6%
Related for UB:CVE-2011-3170