LZW Decompression Vulnerability in X.Org libXfont and Multiple Operating Systems
CVE-2011-2895

Currently unrated

Key Information:

Vendor

OpenBSD
Status
OpenBSD
Freetype
Netbsd
Libxfont
Vendor
CVE Published:
19 August 2011

What is CVE-2011-2895?

The vulnerability in the LZW decompressor affects the BufCompressedFill function in X.Org libXfont and multiple BSD variants. It arises when code words that are not present in the decompression table are encountered. This malfunction can lead to an infinite loop or a heap-based buffer overflow, potentially allowing attackers to execute arbitrary code through crafted compressed data streams.

References

https://support.apple.com/HT205635
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2011-1154.html
vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1191-1
vendor-advisoryx_refsource_UBUNTU

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.