Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-2896

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.

Published

2011-08-19T17:55:03.317

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	swi-prolog	swi-prolog	≤ 5.10.4	Yes
Application	apple	cups	≤ 1.4.6	Yes
Application	gimp	gimp	≤ 2.6.11	Yes

References

http://cups.org/str.php?L3867 Patch, Third Party Advisory ([email protected])
http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc Patch, Vendor Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-1180.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-1181.html Third Party Advisory ([email protected])
http://secunia.com/advisories/45621 Broken Link ([email protected])
http://secunia.com/advisories/45900 Broken Link ([email protected])
http://secunia.com/advisories/45945 Broken Link ([email protected])
http://secunia.com/advisories/45948 Broken Link ([email protected])
http://secunia.com/advisories/46024 Broken Link ([email protected])
http://secunia.com/advisories/48236 Broken Link ([email protected])
http://secunia.com/advisories/48308 Broken Link ([email protected])
http://secunia.com/advisories/50737 Broken Link ([email protected])
http://security.gentoo.org/glsa/glsa-201209-23.xml Third Party Advisory ([email protected])
http://www.debian.org/security/2011/dsa-2354 Third Party Advisory ([email protected])
http://www.debian.org/security/2012/dsa-2426 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 Broken Link ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2011/08/10/10 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-1635.html Broken Link ([email protected])
http://www.securityfocus.com/bid/49148 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1025929 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 Issue Tracking, Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-1207-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-1214-1 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=727800 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=730338 Issue Tracking, Third Party Advisory ([email protected])
http://cups.org/str.php?L3867 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-1180.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-1181.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45621 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45900 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45945 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45948 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/46024 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48236 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48308 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/50737 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201209-23.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2354 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2012/dsa-2426 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2011/08/10/10 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-1635.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/49148 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1025929 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1207-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1214-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=727800 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=730338 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)