Lucene search

[email protected]CVE-2011-2895

HistoryAug 19, 2011 - 5:55 p.m.

CVE-2011-2895

2011-08-1917:55:03

CWE-119

[email protected]

web.nvd.nist.gov

207

cve-2011-2895

lzw decompressor

x.org libxfont

buffer overflow

infinite loop

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Affected configurations

NVD

Node

freetypefreetypeMatch2.1.9

xlibxfontRange≤1.4.3

xlibxfontMatch1.2.0

xlibxfontMatch1.2.1

xlibxfontMatch1.2.2

xlibxfontMatch1.2.3

xlibxfontMatch1.2.4

xlibxfontMatch1.2.5

xlibxfontMatch1.2.6

xlibxfontMatch1.2.7

xlibxfontMatch1.2.8

xlibxfontMatch1.2.9

xlibxfontMatch1.3.0

xlibxfontMatch1.3.1

xlibxfontMatch1.3.2

xlibxfontMatch1.3.3

xlibxfontMatch1.3.4

xlibxfontMatch1.4.0

xlibxfontMatch1.4.1

xlibxfontMatch1.4.2

freebsdfreebsd

netbsdnetbsd

openbsdopenbsdRange≤3.7

openbsdopenbsdMatch2.0

openbsdopenbsdMatch2.1

openbsdopenbsdMatch2.2

openbsdopenbsdMatch2.3

openbsdopenbsdMatch2.4

openbsdopenbsdMatch2.5

openbsdopenbsdMatch2.6

openbsdopenbsdMatch2.7

openbsdopenbsdMatch2.8

openbsdopenbsdMatch2.9

openbsdopenbsdMatch3.0

openbsdopenbsdMatch3.1

openbsdopenbsdMatch3.2

openbsdopenbsdMatch3.3

openbsdopenbsdMatch3.4

openbsdopenbsdMatch3.5

openbsdopenbsdMatch3.6

CPENameOperatorVersion
freetype:freetypefreetypeeq2.1.9
x:libxfontx libxfontle1.4.3
x:libxfontx libxfonteq1.2.0
x:libxfontx libxfonteq1.2.1
x:libxfontx libxfonteq1.2.2
x:libxfontx libxfonteq1.2.3
x:libxfontx libxfonteq1.2.4
x:libxfontx libxfonteq1.2.5
x:libxfontx libxfonteq1.2.6
x:libxfontx libxfonteq1.2.7

CPE	Name	Operator	Version
freetype:freetype	freetype	eq	2.1.9
x:libxfont	x libxfont	le	1.4.3
x:libxfont	x libxfont	eq	1.2.0
x:libxfont	x libxfont	eq	1.2.1
x:libxfont	x libxfont	eq	1.2.2
x:libxfont	x libxfont	eq	1.2.3
x:libxfont	x libxfont	eq	1.2.4
x:libxfont	x libxfont	eq	1.2.5
x:libxfont	x libxfont	eq	1.2.6
x:libxfont	x libxfont	eq	1.2.7

Rows per page:

1-10 of 401

References

cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

lists.apple.com/archives/security-announce/2015/Dec/msg00002.html

lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html

lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html

lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html

lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html

secunia.com/advisories/45544

secunia.com/advisories/45568

secunia.com/advisories/45599

secunia.com/advisories/45986

secunia.com/advisories/46127

secunia.com/advisories/48951

securitytracker.com/id?1025920

support.apple.com/kb/HT5130

support.apple.com/kb/HT5281

www.debian.org/security/2011/dsa-2293

www.mandriva.com/security/advisories?name=MDVSA-2011:153

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17

www.openwall.com/lists/oss-security/2011/08/10/10

www.redhat.com/support/errata/RHSA-2011-1154.html

www.redhat.com/support/errata/RHSA-2011-1155.html

www.redhat.com/support/errata/RHSA-2011-1161.html

www.redhat.com/support/errata/RHSA-2011-1834.html

www.securityfocus.com/bid/49124

www.ubuntu.com/usn/USN-1191-1

bugzilla.redhat.com/show_bug.cgi?id=725760

bugzilla.redhat.com/show_bug.cgi?id=727624

exchange.xforce.ibmcloud.com/vulnerabilities/69141

support.apple.com/HT205635

support.apple.com/HT205637

support.apple.com/HT205640

support.apple.com/HT205641

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2011-2895

openvas70 cve2 nessus62 prion3 nvd3 debiancve4 ubuntucve3 cvelist3 oraclelinux7 redhat7 freebsd2 suse4 centos6 veracode4 securityvulns5 freebsd_advisory1 ubuntu2 debian2 gentoo2 fedora6 amazon1