Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-2895

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Published

2011-08-19T17:55:03.037

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	freetype	freetype	2.1.9	Yes
Application	x	libxfont	≤ 1.4.3	Yes
Application	x	libxfont	1.2.0	Yes
Application	x	libxfont	1.2.1	Yes
Application	x	libxfont	1.2.2	Yes
Application	x	libxfont	1.2.3	Yes
Application	x	libxfont	1.2.4	Yes
Application	x	libxfont	1.2.5	Yes
Application	x	libxfont	1.2.6	Yes
Application	x	libxfont	1.2.7	Yes
Application	x	libxfont	1.2.8	Yes
Application	x	libxfont	1.2.9	Yes
Application	x	libxfont	1.3.0	Yes
Application	x	libxfont	1.3.1	Yes
Application	x	libxfont	1.3.2	Yes
Application	x	libxfont	1.3.3	Yes
Application	x	libxfont	1.3.4	Yes
Application	x	libxfont	1.4.0	Yes
Application	x	libxfont	1.4.1	Yes
Application	x	libxfont	1.4.2	Yes
Operating System	freebsd	freebsd	*	Yes
Operating System	netbsd	netbsd	*	Yes
Operating System	openbsd	openbsd	≤ 3.7	Yes
Operating System	openbsd	openbsd	2.0	Yes
Operating System	openbsd	openbsd	2.1	Yes
Operating System	openbsd	openbsd	2.2	Yes
Operating System	openbsd	openbsd	2.3	Yes
Operating System	openbsd	openbsd	2.4	Yes
Operating System	openbsd	openbsd	2.5	Yes
Operating System	openbsd	openbsd	2.6	Yes
Operating System	openbsd	openbsd	2.7	Yes
Operating System	openbsd	openbsd	2.8	Yes
Operating System	openbsd	openbsd	2.9	Yes
Operating System	openbsd	openbsd	3.0	Yes
Operating System	openbsd	openbsd	3.1	Yes
Operating System	openbsd	openbsd	3.2	Yes
Operating System	openbsd	openbsd	3.3	Yes
Operating System	openbsd	openbsd	3.4	Yes
Operating System	openbsd	openbsd	3.5	Yes
Operating System	openbsd	openbsd	3.6	Yes

References

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Patch ([email protected])
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc ([email protected])
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html ([email protected])
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html ([email protected])
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html ([email protected])
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html ([email protected])
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html ([email protected])
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html ([email protected])
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html Patch ([email protected])
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html Patch ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html ([email protected])
http://secunia.com/advisories/45544 Vendor Advisory ([email protected])
http://secunia.com/advisories/45568 Vendor Advisory ([email protected])
http://secunia.com/advisories/45599 Vendor Advisory ([email protected])
http://secunia.com/advisories/45986 ([email protected])
http://secunia.com/advisories/46127 ([email protected])
http://secunia.com/advisories/48951 ([email protected])
http://securitytracker.com/id?1025920 ([email protected])
http://support.apple.com/kb/HT5130 ([email protected])
http://support.apple.com/kb/HT5281 ([email protected])
http://www.debian.org/security/2011/dsa-2293 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 ([email protected])
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 ([email protected])
http://www.openwall.com/lists/oss-security/2011/08/10/10 ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-1154.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-1155.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-1161.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-1834.html ([email protected])
http://www.securityfocus.com/bid/49124 ([email protected])
http://www.ubuntu.com/usn/USN-1191-1 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=725760 Patch ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=727624 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 ([email protected])
https://support.apple.com/HT205635 ([email protected])
https://support.apple.com/HT205637 ([email protected])
https://support.apple.com/HT205640 ([email protected])
https://support.apple.com/HT205641 ([email protected])
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45544 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45568 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45599 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45986 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/46127 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48951 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1025920 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT5130 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT5281 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2293 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2011/08/10/10 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-1154.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-1155.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-1161.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-1834.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/49124 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1191-1 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=725760 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=727624 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205635 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205637 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205640 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205641 (af854a3a-2127-422b-91ae-364da2661108)