5.1

CVE-2011-2896

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Swi-prologSwi-prolog Version <= 5.10.4
AppleCups Version <= 1.4.6
GimpGimp Version <= 2.6.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.71% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://secunia.com/advisories/50737
Broken Link
http://security.gentoo.org/glsa/glsa-201209-23.xml
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1181.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146
Broken Link
http://secunia.com/advisories/48236
Broken Link
http://www.debian.org/security/2012/dsa-2426
Third Party Advisory
http://secunia.com/advisories/48308
Broken Link
http://www.openwall.com/lists/oss-security/2011/08/10/10
Patch
Third Party Advisory
Mailing List
http://cups.org/str.php?L3867
Patch
Third Party Advisory
http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc
Patch
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1180.html
Third Party Advisory
http://secunia.com/advisories/45621
Broken Link
http://secunia.com/advisories/45900
Broken Link
http://secunia.com/advisories/45945
Broken Link
http://secunia.com/advisories/45948
Broken Link
http://secunia.com/advisories/46024
Broken Link
http://www.debian.org/security/2011/dsa-2354
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:167
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-1635.html
Broken Link
http://www.securityfocus.com/bid/49148
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1025929
Third Party Advisory
Broken Link
VDB Entry
http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
Third Party Advisory
Issue Tracking
http://www.ubuntu.com/usn/USN-1207-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-1214-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=727800
Patch
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=730338
Third Party Advisory
Issue Tracking