Heap-based Buffer Overflow in CUPS Product by Apple
CVE-2011-3170
Currently unrated
What is CVE-2011-3170?
The gif_read_lzw function in filter/image-gif.c of CUPS versions 1.4.8 and earlier is vulnerable to a heap-based buffer overflow because it does not properly handle the first code word in an LZW stream. A remote attacker can exploit the flaw with a specially crafted LZW stream to potentially execute arbitrary code on systems running an affected version of CUPS.