CVE-2011-2895 Information

Feb 14, 2021 cve

Description

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD as used in zopen.c in OpenBSD before 3.8 FreeBSD NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1 FreeType 2.1.9 and other products does not properly handle code words that are absent from the decompression table when encountered which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow and possibly execute arbitrary code via a crafted compressed stream a related issue to CVE-2006-1168 and CVE-2011-2896.

Reference

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html http://secunia.com/advisories/45544 http://secunia.com/advisories/45568 http://secunia.com/advisories/45599 http://secunia.com/advisories/45986 http://secunia.com/advisories/46127 http://secunia.com/advisories/48951 http://securitytracker.com/id?1025920 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2011/dsa-2293 http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.crev1.17 http://www.openwall.com/lists/oss-security/2011/08/10/10 http://www.redhat.com/support/errata/RHSA-2011-1154.html http://www.redhat.com/support/errata/RHSA-2011-1155.html http://www.redhat.com/support/errata/RHSA-2011-1161.html http://www.redhat.com/support/errata/RHSA-2011-1834.html http://www.securityfocus.com/bid/49124 http://www.ubuntu.com/usn/USN-1191-1 https://bugzilla.redhat.com/show_bug.cgi?id=725760 https://bugzilla.redhat.com/show_bug.cgi?id=727624 https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641

Share on: