CVE-2011-3170 Information

Feb 14, 2021 cve

Description

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream which allows remote attackers to trigger a heap-based buffer overflow and possibly execute arbitrary code via a crafted stream a different vulnerability than CVE-2011-2896.

Reference

http://cups.org/str.php?L3914 http://secunia.com/advisories/45796 http://secunia.com/advisories/46024 http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.debian.org/security/2011/dsa-2354 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:147 http://www.securityfocus.com/bid/49323 http://www.securitytracker.com/id?1025980 http://www.ubuntu.com/usn/USN-1207-1 https://bugzilla.redhat.com/show_bug.cgi?id=727800 https://exchange.xforce.ibmcloud.com/vulnerabilities/69380

Share on: