Search criteria
12 vulnerabilities found for swi-prolog by swi-prolog
FKIE_CVE-2017-17524
Vulnerability from fkie_nvd - Published: 2017-12-14 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2017-17524 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2017-17524 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| swi-prolog | swi-prolog | 7.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0F8D56-1FB3-46B1-9178-6AE894D36536",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
},
{
"lang": "es",
"value": "library/www_browser.pl en SWI-Prolog 7.2.3 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podr\u00eda permitir que atacantes remotos lleven a cabo ataques de inyecci\u00f3n de argumentos mediante una URL manipulada."
}
],
"id": "CVE-2017-17524",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-14T16:29:00.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6089
Vulnerability from fkie_nvd - Published: 2013-01-04 11:52 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A435FD-F02D-4F82-8C59-16AC1F4769DD",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "564241B5-9462-4C05-AF2A-ED4C5EC735D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A82A01-F922-4729-9B35-736F07991543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "E02861BD-ADD3-42D3-AAC0-F9335A135978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A49328C0-9B01-46B3-AADD-624B631CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "08E25B15-1E59-4392-AC7B-B262537A5C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E80AF1-7664-4DE0-B52E-D5CB584EE262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCFFA5-833D-45BF-9770-8A82581D279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3C02C1-9226-4CC8-BA4B-D1C19328A053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "7D985A66-4F0D-4C3B-8C0F-2E8858C4B2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDBDA0E-D2D5-42B5-89F8-F95EF0A6B91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*",
"matchCriteriaId": "626E43DC-F845-441F-9A90-71888D229F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE0E48E-9D35-4576-9594-27E5C369C51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EA7412-1D40-4C76-8D73-8085AB57EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7A4B57-C7FC-4559-BA2E-11142463EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA641444-79A5-4A35-A9B3-AE849F40A93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49766A51-1012-4DA9-92BA-A7CFF380ABC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B89B6121-EAFA-415E-AEAD-B2E907BDEA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C32CDE03-520D-481E-BAEB-C7B0BCD8AC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE745BFE-7C79-439C-BAE5-2EBD064A9D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A43C5729-1DBA-40D7-AB59-6ECCDAF5DFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9087AA22-11FD-4BEF-86FC-9448A0847E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF09847-8BC4-4EB5-86E2-26915EBC7F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D997B8-9F1C-495E-92F2-8B188C15C0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F39F681-7470-4097-BE61-735FD5EABE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AC616E-355B-4202-BB14-D9D71E5C2DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36CAA985-3A22-47E3-B90B-3C7834A38557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A40CCF-CF41-47CE-8D2C-33A6778E5C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38B14FAB-EFA0-45AC-8873-C833FFF2C965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD24DA73-9B04-4DA5-984C-B6BE8C978DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E478CE71-1CCF-436E-BE61-459B7069D182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FEC3B3-BD24-4973-B782-3840D84EBDA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C1BF1-032F-446D-A16A-EF3C27973AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C04D9C3-6F22-4B49-8B65-3209C3093EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF68B6-D8BF-4695-866F-6DE5267D02F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6122-CD4B-47E7-89EF-DF68DB4A462D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A546B14D-6ADF-472F-ADA7-0486F1E5792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE34F04-351B-4EE4-BF48-5DE355F5915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C68C731-2DE1-483A-A0F8-B11B2C19173B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n canoniseFileName en os/pl-os.c en SWI-Prolog anteriores a v6.2.5 y v6.3.x anteriores a v6.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de un nombre de fichero manipulado."
}
],
"id": "CVE-2012-6089",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T11:52:15.257",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6090
Vulnerability from fkie_nvd - Published: 2013-01-04 11:52 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A435FD-F02D-4F82-8C59-16AC1F4769DD",
"versionEndIncluding": "6.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "564241B5-9462-4C05-AF2A-ED4C5EC735D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A82A01-F922-4729-9B35-736F07991543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "E02861BD-ADD3-42D3-AAC0-F9335A135978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A49328C0-9B01-46B3-AADD-624B631CDD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "08E25B15-1E59-4392-AC7B-B262537A5C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E80AF1-7664-4DE0-B52E-D5CB584EE262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCCFFA5-833D-45BF-9770-8A82581D279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3C02C1-9226-4CC8-BA4B-D1C19328A053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "7D985A66-4F0D-4C3B-8C0F-2E8858C4B2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDBDA0E-D2D5-42B5-89F8-F95EF0A6B91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*",
"matchCriteriaId": "626E43DC-F845-441F-9A90-71888D229F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE0E48E-9D35-4576-9594-27E5C369C51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EA7412-1D40-4C76-8D73-8085AB57EED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7A4B57-C7FC-4559-BA2E-11142463EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA641444-79A5-4A35-A9B3-AE849F40A93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49766A51-1012-4DA9-92BA-A7CFF380ABC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B89B6121-EAFA-415E-AEAD-B2E907BDEA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C32CDE03-520D-481E-BAEB-C7B0BCD8AC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE745BFE-7C79-439C-BAE5-2EBD064A9D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A43C5729-1DBA-40D7-AB59-6ECCDAF5DFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9087AA22-11FD-4BEF-86FC-9448A0847E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF09847-8BC4-4EB5-86E2-26915EBC7F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D997B8-9F1C-495E-92F2-8B188C15C0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:5.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F39F681-7470-4097-BE61-735FD5EABE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AC616E-355B-4202-BB14-D9D71E5C2DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36CAA985-3A22-47E3-B90B-3C7834A38557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A40CCF-CF41-47CE-8D2C-33A6778E5C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38B14FAB-EFA0-45AC-8873-C833FFF2C965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD24DA73-9B04-4DA5-984C-B6BE8C978DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E478CE71-1CCF-436E-BE61-459B7069D182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FEC3B3-BD24-4973-B782-3840D84EBDA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C1BF1-032F-446D-A16A-EF3C27973AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C04D9C3-6F22-4B49-8B65-3209C3093EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CF68B6-D8BF-4695-866F-6DE5267D02F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6122-CD4B-47E7-89EF-DF68DB4A462D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A546B14D-6ADF-472F-ADA7-0486F1E5792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE34F04-351B-4EE4-BF48-5DE355F5915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C68C731-2DE1-483A-A0F8-B11B2C19173B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n expand en os/pl-glob.c en SWI-Prolog anteriores a v6.2.5 y v6.3.x anteriores a v6.3.7, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicacion) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de un nombre de fichero manipulado."
}
],
"id": "CVE-2012-6090",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T11:52:15.303",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-2896
Vulnerability from fkie_nvd - Published: 2011-08-19 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| swi-prolog | swi-prolog | * | |
| apple | cups | * | |
| gimp | gimp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "306F1543-3DA7-4374-9705-0702A78E9A87",
"versionEndIncluding": "5.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "580C1D10-6677-4636-9626-7B4FA3CFEA5C",
"versionEndIncluding": "1.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F771B1-B26F-4429-AC0F-ED8C2740B1F9",
"versionEndIncluding": "2.6.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."
},
{
"lang": "es",
"value": "El descompresor LZW en (1) la funci\u00f3n LWZReadByte en giftoppm.c en el David Koblas GIF decoder en PBMPLUS, tal y como se utiliza en la funci\u00f3n gif_read_lzw en filter/image-gif.c en CUPS antes de la versi\u00f3n v1.4.7, (2) la funci\u00f3n LZWReadByte en plug-ins/common/file-gif-load.c en GIMP v2.6.11 y anteriores, (3) la funci\u00f3n LZWReadByte en img/gifread.c en XPCE en SWI-Prolog v5.10.4 y anteriores, y (4) otros productos, no controla correctamente las palabras de c\u00f3digo que est\u00e1n ausentes de la tabla de descompresi\u00f3n, lo que permite provocar a atacantes remotos un bucle infinito o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), y posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de un flujo o fichero comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011 2895.\r\n"
}
],
"id": "CVE-2011-2896",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-08-19T17:55:03.317",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://cups.org/str.php?L3867"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45621"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45900"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45945"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45948"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/46024"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48308"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/50737"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://cups.org/str.php?L3867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/45948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/46024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/50737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-17524 (GCVE-0-2017-17524)
Vulnerability from cvelistv5 – Published: 2017-12-14 16:00 – Updated: 2024-08-05 20:51
VLAI?
Summary
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-17524",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17524",
"datePublished": "2017-12-14T16:00:00",
"dateReserved": "2017-12-11T00:00:00",
"dateUpdated": "2024-08-05T20:51:31.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6089 (GCVE-0-2012-6089)
Vulnerability from cvelistv5 – Published: 2013-01-04 11:00 – Updated: 2024-09-17 01:55
VLAI?
Summary
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"refsource": "MLIST",
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"name": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c",
"refsource": "CONFIRM",
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6089",
"datePublished": "2013-01-04T11:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:55:59.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6090 (GCVE-0-2012-6090)
Vulnerability from cvelistv5 – Published: 2013-01-04 11:00 – Updated: 2024-09-16 20:22
VLAI?
Summary
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e",
"refsource": "CONFIRM",
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"refsource": "MLIST",
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6090",
"datePublished": "2013-01-04T11:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T20:22:34.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2896 (GCVE-0-2011-2896)
Vulnerability from cvelistv5 – Published: 2011-08-19 17:00 – Updated: 2024-08-06 23:15
VLAI?
Summary
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"name": "FEDORA-2011-11318",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"name": "GLSA-201209-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cups.org/str.php?L3867"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"name": "USN-1207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"name": "RHSA-2012:1180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "DSA-2354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"name": "45948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45948"
},
{
"name": "RHSA-2012:1181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "46024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46024"
},
{
"name": "45900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45900"
},
{
"name": "RHSA-2011:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"name": "FEDORA-2011-11221",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"name": "FEDORA-2011-11173",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"name": "49148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"name": "MDVSA-2011:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"name": "FEDORA-2011-11305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"name": "USN-1214-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"name": "50737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"name": "MDVSA-2011:167",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"name": "FEDORA-2011-11197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"name": "FEDORA-2011-11229",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"name": "48236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48236"
},
{
"name": "1025929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"name": "45621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45621"
},
{
"name": "45945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"name": "FEDORA-2011-11318",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"name": "GLSA-201209-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cups.org/str.php?L3867"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"name": "USN-1207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"name": "RHSA-2012:1180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "DSA-2354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"name": "45948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45948"
},
{
"name": "RHSA-2012:1181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "46024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46024"
},
{
"name": "45900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45900"
},
{
"name": "RHSA-2011:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"name": "FEDORA-2011-11221",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"name": "FEDORA-2011-11173",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"name": "49148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"name": "MDVSA-2011:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"name": "FEDORA-2011-11305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"name": "USN-1214-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"name": "50737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"name": "MDVSA-2011:167",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"name": "FEDORA-2011-11197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"name": "FEDORA-2011-11229",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"name": "48236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48236"
},
{
"name": "1025929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"name": "45621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45621"
},
{
"name": "45945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45945"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2896",
"datePublished": "2011-08-19T17:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17524 (GCVE-0-2017-17524)
Vulnerability from nvd – Published: 2017-12-14 16:00 – Updated: 2024-08-05 20:51
VLAI?
Summary
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-17524",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17524",
"datePublished": "2017-12-14T16:00:00",
"dateReserved": "2017-12-11T00:00:00",
"dateUpdated": "2024-08-05T20:51:31.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6089 (GCVE-0-2012-6089)
Vulnerability from nvd – Published: 2013-01-04 11:00 – Updated: 2024-09-17 01:55
VLAI?
Summary
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"refsource": "MLIST",
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
},
{
"name": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c",
"refsource": "CONFIRM",
"url": "http://www.swi-prolog.org/git/pl.git/commit/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6089",
"datePublished": "2013-01-04T11:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-17T01:55:59.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6090 (GCVE-0-2012-6090)
Vulnerability from nvd – Published: 2013-01-04 11:00 – Updated: 2024-09-16 20:22
VLAI?
Summary
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T11:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e",
"refsource": "CONFIRM",
"url": "http://www.swi-prolog.org/git/pl.git/commit/b2c88972e7515ada025e97e7d3ce3e34f81cf33e"
},
{
"name": "[oss-security] 20130103 Re: CVE Request - SWI-Prolog / pl (X \u003c 6.2.5): Multiple (stack-based) buffer overflows in patch canonisation code and when expanding file-names with long paths",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/03/7"
},
{
"name": "[swi-prolog] 20121221 [SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5",
"refsource": "MLIST",
"url": "https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=891577",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=891577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6090",
"datePublished": "2013-01-04T11:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T20:22:34.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2896 (GCVE-0-2011-2896)
Vulnerability from nvd – Published: 2011-08-19 17:00 – Updated: 2024-08-06 23:15
VLAI?
Summary
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"name": "FEDORA-2011-11318",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"name": "GLSA-201209-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cups.org/str.php?L3867"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"name": "USN-1207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"name": "RHSA-2012:1180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "DSA-2354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"name": "45948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45948"
},
{
"name": "RHSA-2012:1181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "46024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46024"
},
{
"name": "45900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45900"
},
{
"name": "RHSA-2011:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"name": "FEDORA-2011-11221",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"name": "FEDORA-2011-11173",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"name": "49148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"name": "MDVSA-2011:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"name": "FEDORA-2011-11305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"name": "USN-1214-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"name": "50737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50737"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"name": "MDVSA-2011:167",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"name": "FEDORA-2011-11197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"name": "FEDORA-2011-11229",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"name": "48236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48236"
},
{
"name": "1025929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"name": "45621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45621"
},
{
"name": "45945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2426"
},
{
"name": "FEDORA-2011-11318",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
},
{
"name": "GLSA-201209-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cups.org/str.php?L3867"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"name": "USN-1207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1207-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
},
{
"name": "RHSA-2012:1180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "DSA-2354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2354"
},
{
"name": "45948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45948"
},
{
"name": "RHSA-2012:1181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "46024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46024"
},
{
"name": "45900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45900"
},
{
"name": "RHSA-2011:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
},
{
"name": "FEDORA-2011-11221",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
},
{
"name": "FEDORA-2011-11173",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
},
{
"name": "49148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49148"
},
{
"name": "MDVSA-2011:146",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
},
{
"name": "FEDORA-2011-11305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
},
{
"name": "USN-1214-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1214-1"
},
{
"name": "50737",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50737"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
},
{
"name": "MDVSA-2011:167",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
},
{
"name": "FEDORA-2011-11197",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
},
{
"name": "FEDORA-2011-11229",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
},
{
"name": "48236",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48236"
},
{
"name": "1025929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025929"
},
{
"name": "45621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45621"
},
{
"name": "45945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45945"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2896",
"datePublished": "2011-08-19T17:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}