CVE - CVE-2011-2896

CVE-ID
CVE-2011-2896	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1025929 URL:http://www.securitytracker.com/id?1025929 MISC:45621 URL:http://secunia.com/advisories/45621 MISC:45900 URL:http://secunia.com/advisories/45900 MISC:45945 URL:http://secunia.com/advisories/45945 MISC:45948 URL:http://secunia.com/advisories/45948 MISC:46024 URL:http://secunia.com/advisories/46024 MISC:48236 URL:http://secunia.com/advisories/48236 MISC:48308 URL:http://secunia.com/advisories/48308 MISC:49148 URL:http://www.securityfocus.com/bid/49148 MISC:50737 URL:http://secunia.com/advisories/50737 MISC:DSA-2354 URL:http://www.debian.org/security/2011/dsa-2354 MISC:DSA-2426 URL:http://www.debian.org/security/2012/dsa-2426 MISC:FEDORA-2011-11173 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html MISC:FEDORA-2011-11197 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html MISC:FEDORA-2011-11221 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html MISC:FEDORA-2011-11229 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html MISC:FEDORA-2011-11305 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html MISC:FEDORA-2011-11318 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html MISC:GLSA-201209-23 URL:http://security.gentoo.org/glsa/glsa-201209-23.xml MISC:MDVSA-2011:146 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:146~~ (Obsolete source) MISC:MDVSA-2011:167 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:167~~ (Obsolete source) MISC:RHSA-2011:1635 URL:http://www.redhat.com/support/errata/RHSA-2011-1635.html MISC:RHSA-2012:1180 URL:http://rhn.redhat.com/errata/RHSA-2012-1180.html MISC:RHSA-2012:1181 URL:http://rhn.redhat.com/errata/RHSA-2012-1181.html MISC:USN-1207-1 URL:http://www.ubuntu.com/usn/USN-1207-1 MISC:USN-1214-1 URL:http://www.ubuntu.com/usn/USN-1214-1 MISC:[oss-security] 20110810 LZW decompression issues URL:http://www.openwall.com/lists/oss-security/2011/08/10/10 MISC:http://cups.org/str.php?L3867 URL:http://cups.org/str.php?L3867 MISC:http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc URL:http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc MISC:http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 URL:http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=727800 URL:https://bugzilla.redhat.com/show_bug.cgi?id=727800 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=730338 URL:https://bugzilla.redhat.com/show_bug.cgi?id=730338
Assigning CNA
Red Hat, Inc.
Date Record Created
20110727	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110727)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)