Lucene search

K

[email protected]NVD:CVE-2011-2896

HistoryAug 19, 2011 - 5:55 p.m.

CVE-2011-2896

2011-08-1917:55:03

CWE-787

[email protected]

web.nvd.nist.gov

1

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.

Affected configurations

NVD

Node

swi-prologswi-prologRange≤5.10.4

Node

applecupsRange≤1.4.6

Node

gimpgimpRange≤2.6.11

References

cups.org/str.php?L3867

git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc

lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html

lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html

lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html

rhn.redhat.com/errata/RHSA-2012-1180.html

rhn.redhat.com/errata/RHSA-2012-1181.html

secunia.com/advisories/45621

secunia.com/advisories/45900

secunia.com/advisories/45945

secunia.com/advisories/45948

secunia.com/advisories/46024

secunia.com/advisories/48236

secunia.com/advisories/48308

secunia.com/advisories/50737

security.gentoo.org/glsa/glsa-201209-23.xml

www.debian.org/security/2011/dsa-2354

www.debian.org/security/2012/dsa-2426

www.mandriva.com/security/advisories?name=MDVSA-2011:146

www.mandriva.com/security/advisories?name=MDVSA-2011:167

www.openwall.com/lists/oss-security/2011/08/10/10

www.redhat.com/support/errata/RHSA-2011-1635.html

www.securityfocus.com/bid/49148

www.securitytracker.com/id?1025929

www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4

www.ubuntu.com/usn/USN-1207-1

www.ubuntu.com/usn/USN-1214-1

bugzilla.redhat.com/show_bug.cgi?id=727800

bugzilla.redhat.com/show_bug.cgi?id=730338

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

Related for NVD:CVE-2011-2896

openvas73 nessus59 cve3 ubuntucve3 debiancve4 cvelist3 prion3 nvd2 centos6 oraclelinux7 redhat9 freebsd2 suse3 fedora6 securityvulns5 veracode4 gentoo1 freebsd_advisory1 ubuntu2 debian2 amazon1