Lucene search

[email protected]CVE-2011-3170

HistoryAug 19, 2011 - 5:55 p.m.

CVE-2011-3170

2011-08-1917:55:03

CWE-119

[email protected]

web.nvd.nist.gov

cups

buffer overflow

remote attack

cve-2011-3170

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.557 Medium

EPSS

Percentile

97.7%

JSON

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

Affected configurations

NVD

Node

applecupsRange≤1.4.8

applecupsMatch1.1

applecupsMatch1.1.1

applecupsMatch1.1.2

applecupsMatch1.1.3

applecupsMatch1.1.4

applecupsMatch1.1.5

applecupsMatch1.1.5-1

applecupsMatch1.1.5-2

applecupsMatch1.1.6

applecupsMatch1.1.6-1

applecupsMatch1.1.6-2

applecupsMatch1.1.6-3

applecupsMatch1.1.7

applecupsMatch1.1.8

applecupsMatch1.1.9

applecupsMatch1.1.9-1

applecupsMatch1.1.10

applecupsMatch1.1.10-1

applecupsMatch1.1.11

applecupsMatch1.1.12

applecupsMatch1.1.13

applecupsMatch1.1.14

applecupsMatch1.1.15

applecupsMatch1.1.16

applecupsMatch1.1.17

applecupsMatch1.1.18

applecupsMatch1.1.19

applecupsMatch1.1.19rc1

applecupsMatch1.1.19rc2

applecupsMatch1.1.19rc3

applecupsMatch1.1.19rc4

applecupsMatch1.1.19rc5

applecupsMatch1.1.20

applecupsMatch1.1.20rc1

applecupsMatch1.1.20rc2

applecupsMatch1.1.20rc3

applecupsMatch1.1.20rc4

applecupsMatch1.1.20rc5

applecupsMatch1.1.20rc6

applecupsMatch1.1.21

applecupsMatch1.1.21rc1

applecupsMatch1.1.21rc2

applecupsMatch1.1.22

applecupsMatch1.1.22rc1

applecupsMatch1.1.22rc2

applecupsMatch1.1.23

applecupsMatch1.1.23rc1

applecupsMatch1.2b1

applecupsMatch1.2b2

applecupsMatch1.2rc1

applecupsMatch1.2rc2

applecupsMatch1.2rc3

applecupsMatch1.2.0

applecupsMatch1.2.1

applecupsMatch1.2.2

applecupsMatch1.2.3

applecupsMatch1.2.4

applecupsMatch1.2.5

applecupsMatch1.2.6

applecupsMatch1.2.7

applecupsMatch1.2.8

applecupsMatch1.2.9

applecupsMatch1.2.10

applecupsMatch1.2.11

applecupsMatch1.2.12

applecupsMatch1.3b1

applecupsMatch1.3rc1

applecupsMatch1.3rc2

applecupsMatch1.3.0

applecupsMatch1.3.1

applecupsMatch1.3.2

applecupsMatch1.3.3

applecupsMatch1.3.4

applecupsMatch1.3.5

applecupsMatch1.3.6

applecupsMatch1.3.7

applecupsMatch1.3.8

applecupsMatch1.3.9

applecupsMatch1.3.10

applecupsMatch1.3.11

applecupsMatch1.4b1

applecupsMatch1.4b2

applecupsMatch1.4b3

applecupsMatch1.4rc1

applecupsMatch1.4.0

applecupsMatch1.4.1

applecupsMatch1.4.2

applecupsMatch1.4.3

applecupsMatch1.4.4

applecupsMatch1.4.5

applecupsMatch1.4.6

applecupsMatch1.4.7

CPENameOperatorVersion
apple:cupsapple cupsle1.4.8
apple:cupsapple cupseq1.1
apple:cupsapple cupseq1.1.1
apple:cupsapple cupseq1.1.2
apple:cupsapple cupseq1.1.3
apple:cupsapple cupseq1.1.4
apple:cupsapple cupseq1.1.5
apple:cupsapple cupseq1.1.5-1
apple:cupsapple cupseq1.1.5-2
apple:cupsapple cupseq1.1.6

CPE	Name	Operator	Version
apple:cups	apple cups	le	1.4.8
apple:cups	apple cups	eq	1.1
apple:cups	apple cups	eq	1.1.1
apple:cups	apple cups	eq	1.1.2
apple:cups	apple cups	eq	1.1.3
apple:cups	apple cups	eq	1.1.4
apple:cups	apple cups	eq	1.1.5
apple:cups	apple cups	eq	1.1.5-1
apple:cups	apple cups	eq	1.1.5-2
apple:cups	apple cups	eq	1.1.6