Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2895

HistoryAug 19, 2011 - 5:55 p.m.

Heap overflow

2011-08-1917:55:00

PRIOn knowledge base

www.prio-n.com

19

7.5 High

AI Score

Confidence

Low

0.103 Low

EPSS

Percentile

95.0%

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

CPENameOperatorVersion
freetypeeq2.1.9
openbsdeq2.8
openbsdeq3.1
openbsdeq3.3
openbsdeq2.9
openbsdeq2.1
openbsdeq2.2
openbsdeq2.0
openbsdeq2.7
openbsdeq3.2

Rows per page:

1-10 of 381

References

cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

lists.apple.com/archives/security-announce/2015/Dec/msg00002.html

lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html

lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html

lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html

lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html

secunia.com/advisories/45544

secunia.com/advisories/45568

secunia.com/advisories/45599

secunia.com/advisories/45986

secunia.com/advisories/46127

secunia.com/advisories/48951

securitytracker.com/id?1025920

support.apple.com/kb/HT5130

support.apple.com/kb/HT5281

www.debian.org/security/2011/dsa-2293

www.mandriva.com/security/advisories?name=MDVSA-2011:153

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c

www.openwall.com/lists/oss-security/2011/08/10/10

www.redhat.com/support/errata/RHSA-2011-1154.html

www.redhat.com/support/errata/RHSA-2011-1155.html

www.redhat.com/support/errata/RHSA-2011-1161.html

www.redhat.com/support/errata/RHSA-2011-1834.html

www.securityfocus.com/bid/49124

www.ubuntu.com/usn/USN-1191-1

bugzilla.redhat.com/show_bug.cgi?id=725760

bugzilla.redhat.com/show_bug.cgi?id=727624

exchange.xforce.ibmcloud.com/vulnerabilities/69141

support.apple.com/HT205635

support.apple.com/HT205637

support.apple.com/HT205640

support.apple.com/HT205641

7.5 High

AI Score

Confidence

Low

0.103 Low

EPSS

Percentile

95.0%

Related for PRION:CVE-2011-2895

openvas73 nessus59 cve3 ubuntucve3 debiancve4 cvelist3 nvd3 prion2 centos6 oraclelinux7 redhat9 freebsd2 suse3 fedora6 securityvulns5 gentoo1 veracode4 freebsd_advisory1 ubuntu2 debian2 amazon1