cve-2011-2896
Vulnerability from cvelistv5
Published
2011-08-19 17:00
Modified
2024-08-06 23:15
Severity ?
Summary
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
References
secalert@redhat.comhttp://cups.org/str.php?L3867Patch, Third Party Advisory
secalert@redhat.comhttp://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfcPatch, Vendor Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1180.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1181.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/45621Broken Link
secalert@redhat.comhttp://secunia.com/advisories/45900Broken Link
secalert@redhat.comhttp://secunia.com/advisories/45945Broken Link
secalert@redhat.comhttp://secunia.com/advisories/45948Broken Link
secalert@redhat.comhttp://secunia.com/advisories/46024Broken Link
secalert@redhat.comhttp://secunia.com/advisories/48236Broken Link
secalert@redhat.comhttp://secunia.com/advisories/48308Broken Link
secalert@redhat.comhttp://secunia.com/advisories/50737Broken Link
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201209-23.xmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2011/dsa-2354Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2426Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:146Broken Link
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:167Broken Link
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/08/10/10Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1635.htmlBroken Link
secalert@redhat.comhttp://www.securityfocus.com/bid/49148Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id?1025929Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4Issue Tracking, Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1207-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1214-1Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=727800Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=730338Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://cups.org/str.php?L3867Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfcPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1180.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1181.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45621Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45900Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45945Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45948Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46024Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48236Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48308Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50737Broken Link
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201209-23.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2354Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2426Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:146Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:167Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/08/10/10Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1635.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/49148Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025929Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1207-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1214-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=727800Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=730338Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:31.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2426",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2426"
          },
          {
            "name": "FEDORA-2011-11318",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
          },
          {
            "name": "GLSA-201209-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cups.org/str.php?L3867"
          },
          {
            "name": "[oss-security] 20110810 LZW decompression issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
          },
          {
            "name": "USN-1207-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1207-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
          },
          {
            "name": "RHSA-2012:1180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
          },
          {
            "name": "48308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48308"
          },
          {
            "name": "DSA-2354",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2354"
          },
          {
            "name": "45948",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45948"
          },
          {
            "name": "RHSA-2012:1181",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
          },
          {
            "name": "46024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46024"
          },
          {
            "name": "45900",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45900"
          },
          {
            "name": "RHSA-2011:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
          },
          {
            "name": "FEDORA-2011-11221",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
          },
          {
            "name": "FEDORA-2011-11173",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
          },
          {
            "name": "49148",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49148"
          },
          {
            "name": "MDVSA-2011:146",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
          },
          {
            "name": "FEDORA-2011-11305",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
          },
          {
            "name": "USN-1214-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1214-1"
          },
          {
            "name": "50737",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50737"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
          },
          {
            "name": "MDVSA-2011:167",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
          },
          {
            "name": "FEDORA-2011-11197",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
          },
          {
            "name": "FEDORA-2011-11229",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
          },
          {
            "name": "48236",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48236"
          },
          {
            "name": "1025929",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025929"
          },
          {
            "name": "45621",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45621"
          },
          {
            "name": "45945",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45945"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-20T17:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2426",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2426"
        },
        {
          "name": "FEDORA-2011-11318",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"
        },
        {
          "name": "GLSA-201209-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cups.org/str.php?L3867"
        },
        {
          "name": "[oss-security] 20110810 LZW decompression issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
        },
        {
          "name": "USN-1207-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1207-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"
        },
        {
          "name": "RHSA-2012:1180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
        },
        {
          "name": "48308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48308"
        },
        {
          "name": "DSA-2354",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2354"
        },
        {
          "name": "45948",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45948"
        },
        {
          "name": "RHSA-2012:1181",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
        },
        {
          "name": "46024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46024"
        },
        {
          "name": "45900",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45900"
        },
        {
          "name": "RHSA-2011:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"
        },
        {
          "name": "FEDORA-2011-11221",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"
        },
        {
          "name": "FEDORA-2011-11173",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"
        },
        {
          "name": "49148",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49148"
        },
        {
          "name": "MDVSA-2011:146",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"
        },
        {
          "name": "FEDORA-2011-11305",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"
        },
        {
          "name": "USN-1214-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1214-1"
        },
        {
          "name": "50737",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50737"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"
        },
        {
          "name": "MDVSA-2011:167",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"
        },
        {
          "name": "FEDORA-2011-11197",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"
        },
        {
          "name": "FEDORA-2011-11229",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"
        },
        {
          "name": "48236",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48236"
        },
        {
          "name": "1025929",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025929"
        },
        {
          "name": "45621",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45621"
        },
        {
          "name": "45945",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45945"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2896",
    "datePublished": "2011-08-19T17:00:00",
    "dateReserved": "2011-07-27T00:00:00",
    "dateUpdated": "2024-08-06T23:15:31.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2896\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-08-19T17:55:03.317\",\"lastModified\":\"2024-11-21T01:29:13.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.\"},{\"lang\":\"es\",\"value\":\"El descompresor LZW en (1) la funci\u00f3n LWZReadByte en giftoppm.c en el David Koblas GIF decoder en PBMPLUS, tal y como se utiliza en la funci\u00f3n gif_read_lzw en filter/image-gif.c en CUPS antes de la versi\u00f3n v1.4.7, (2) la funci\u00f3n LZWReadByte en plug-ins/common/file-gif-load.c en GIMP v2.6.11 y anteriores, (3) la funci\u00f3n LZWReadByte en img/gifread.c en XPCE en SWI-Prolog v5.10.4 y anteriores, y (4) otros productos, no controla correctamente las palabras de c\u00f3digo que est\u00e1n ausentes de la tabla de descompresi\u00f3n, lo que permite provocar a atacantes remotos un bucle infinito o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), y posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de un flujo o fichero comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011 2895.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.10.4\",\"matchCriteriaId\":\"306F1543-3DA7-4374-9705-0702A78E9A87\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.6\",\"matchCriteriaId\":\"580C1D10-6677-4636-9626-7B4FA3CFEA5C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.11\",\"matchCriteriaId\":\"B0F771B1-B26F-4429-AC0F-ED8C2740B1F9\"}]}]}],\"references\":[{\"url\":\"http://cups.org/str.php?L3867\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1180.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1181.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/45621\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45900\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45945\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45948\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/46024\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48236\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48308\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/50737\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-23.xml\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2354\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2426\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:146\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:167\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/08/10/10\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1635.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/49148\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1025929\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1207-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1214-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=727800\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=730338\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://cups.org/str.php?L3867\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1180.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1181.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/45621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/45948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/46024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/50737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-23.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/08/10/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1635.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/49148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1025929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1207-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1214-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=727800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=730338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.