CVE-2011-3170
Published: Aug 19, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| USN-1207-1 | vendor-advisory, x_refsource_UBUNTU |
| https://bugzilla.redhat.com/show_bug.cgi?id=727800 | x_refsource_CONFIRM |
| DSA-2354 | vendor-advisory, x_refsource_DEBIAN |
| 46024 | third-party-advisory, x_refsource_SECUNIA |
| 1025980 | vdb-entry, x_refsource_SECTRACK |
| GLSA-201207-10 | vendor-advisory, x_refsource_GENTOO |
| MDVSA-2011:146 | vendor-advisory, x_refsource_MANDRIVA |
| 45796 | third-party-advisory, x_refsource_SECUNIA |
| cups-gifreadlzw-function-bo(69380) | vdb-entry, x_refsource_XF |
| MDVSA-2011:147 | vendor-advisory, x_refsource_MANDRIVA |
| 49323 | vdb-entry, x_refsource_BID |
| http://cups.org/str.php?L3914 | x_refsource_CONFIRM |