CVE-2011-2896

{"id": "CVE-2011-2896", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-08-19T17:55:03.317", "references": [{"url": "http://cups.org/str.php?L3867", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45621", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45900", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45945", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45948", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/46024", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/48236", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/48308", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/50737", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201209-23.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2354", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2426", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/49148", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1025929", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1207-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1214-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."}, {"lang": "es", "value": "El descompresor LZW en (1) la funci\u00f3n LWZReadByte en giftoppm.c en el David Koblas GIF decoder en PBMPLUS, tal y como se utiliza en la funci\u00f3n gif_read_lzw en filter/image-gif.c en CUPS antes de la versi\u00f3n v1.4.7, (2) la funci\u00f3n LZWReadByte en plug-ins/common/file-gif-load.c en GIMP v2.6.11 y anteriores, (3) la funci\u00f3n LZWReadByte en img/gifread.c en XPCE en SWI-Prolog v5.10.4 y anteriores, y (4) otros productos, no controla correctamente las palabras de c\u00f3digo que est\u00e1n ausentes de la tabla de descompresi\u00f3n, lo que permite provocar a atacantes remotos un bucle infinito o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), y posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de un flujo o fichero comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011 2895.\r\n"}], "lastModified": "2022-02-07T18:44:21.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "306F1543-3DA7-4374-9705-0702A78E9A87", "versionEndIncluding": "5.10.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "580C1D10-6677-4636-9626-7B4FA3CFEA5C", "versionEndIncluding": "1.4.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F771B1-B26F-4429-AC0F-ED8C2740B1F9", "versionEndIncluding": "2.6.11"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}