CVE-2011-3170

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 19 August 2011

Summary

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

References

http://www.ubuntu.com/usn/USN-1207-1

vendor-advisoryx_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=727800

x_refsource_CONFIRM

http://www.debian.org/security/2011/dsa-2354

vendor-advisoryx_refsource_DEBIAN

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 19, 2011
Vulnerability Reserved
Aug 19, 2011