Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2895

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-2895
Last Modified 18 Dec 2012 11:42:13
Published 19 Aug 2011 01:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2895

Summary

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Vulnerable Systems

Operating System

  • Freebsd

  • Netbsd

  • Openbsd 2.0

  • Openbsd 2.1

  • Openbsd 2.2

  • Openbsd 2.3

  • Openbsd 2.4

  • Openbsd 2.5

  • Openbsd 2.6

  • Openbsd 2.7

  • Openbsd 2.8

  • Openbsd 2.9

  • Openbsd 3.0

  • Openbsd 3.1

  • Openbsd 3.2

  • Openbsd 3.3

  • Openbsd 3.4

  • Openbsd 3.5

  • Openbsd 3.6

  • Openbsd 3.7

Application

  • Freetype 2.1.9

  • Libxfont 1.2.0

  • Libxfont 1.2.1

  • Libxfont 1.2.2

  • Libxfont 1.2.3

  • Libxfont 1.2.4

  • Libxfont 1.2.5

  • Libxfont 1.2.6

  • Libxfont 1.2.7

  • Libxfont 1.2.8

  • Libxfont 1.2.9

  • Libxfont 1.3.0

  • Libxfont 1.3.1

  • Libxfont 1.3.2

  • Libxfont 1.3.3

  • Libxfont 1.3.4

  • Libxfont 1.4.0

  • Libxfont 1.4.1

  • Libxfont 1.4.2

  • Libxfont 1.4.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=725760

MLIST - [xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4

MLIST - [xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption

CONFIRM - http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=727624

XF - xorg-lzw-bo(69141)

UBUNTU - USN-1191-1

BID - 49124

REDHAT - RHSA-2011:1161

REDHAT - RHSA-2011:1155

REDHAT - RHSA-2011:1154

MLIST - [oss-security] 20110810 LZW decompression issues

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17

MANDRIVA - MDVSA-2011:153

DEBIAN - DSA-2293

SECTRACK - 1025920

SECUNIA - 46127

SECUNIA - 45986

SECUNIA - 45599

SECUNIA - 45568

SECUNIA - 45544

SUSE - SUSE-SU-2011:1035

NETBSD - NetBSD-SA2011-007

REDHAT - RHSA-2011:1834

SUSE - openSUSE-SU-2011:1299

CONFIRM - http://support.apple.com/kb/HT5130

APPLE - APPLE-SA-2012-02-01-1

CONFIRM - http://support.apple.com/kb/HT5281

APPLE - APPLE-SA-2012-05-09-1

SECUNIA - 48951

Related Patches

SUN112785-66 Solaris 9 SPARC: X11 6.6.1: Xsun patch

Apple 2012-02-01 Mac OS X Server 10.7.3 Update

Apple 2012-02-01 Mac OS X 10.7.3 Update

Apple 2012-02-01 Mac OS X Server 10.7.3 Combo Update

Apple 2012-02-01 Mac OS X 10.7.3 Combo Update

Apple 2012-05-09 Mac OS X 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Combo Update

Apple 2012-05-09 Mac OS X 10.7.4 Update

Apple 2012-05-09 Mac OS X Server 10.7.4 Update

Apple 2012-02-01 Security Update 2012-001 v1.1 Server (Snow Leopard)

Apple 2012-02-01 Security Update 2012-001 v1.1 (Snow Leopard)

Novell SUSE 2011:5103 libpciaccess0 security update for SLE 11 SP1 i586

Novell SUSE 2011:7759 xorg-x11 security update for SLE 10 SP4 i586

Novell SUSE 2011:7759 xorg-x11 security update for SLE 10 SP4 x86_64

Novell SUSE 2011:7872 freetype2 security update for SLE 10 SP4 i586

Novell SUSE 2011:7872 freetype2 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:57:21