Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2011-3170
Last Modified 14 May 2013 11:20:11
Published 19 Aug 2011 01:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-3170

Summary

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

Vulnerable Systems

Application

  • Apple Cups 1.1

  • Apple Cups 1.1.1

  • Apple Cups 1.1.10

  • Apple Cups 1.1.10-1

  • Apple Cups 1.1.11

  • Apple Cups 1.1.12

  • Apple Cups 1.1.13

  • Apple Cups 1.1.14

  • Apple Cups 1.1.15

  • Apple Cups 1.1.16

  • Apple Cups 1.1.17

  • Apple Cups 1.1.18

  • Apple Cups 1.1.19

  • Apple Cups 1.1.2

  • Apple Cups 1.1.20

  • Apple Cups 1.1.21

  • Apple Cups 1.1.22

  • Apple Cups 1.1.23

  • Apple Cups 1.1.3

  • Apple Cups 1.1.4

  • Apple Cups 1.1.5

  • Apple Cups 1.1.5-1

  • Apple Cups 1.1.5-2

  • Apple Cups 1.1.6

  • Apple Cups 1.1.6-1

  • Apple Cups 1.1.6-2

  • Apple Cups 1.1.6-3

  • Apple Cups 1.1.7

  • Apple Cups 1.1.8

  • Apple Cups 1.1.9

  • Apple Cups 1.1.9-1

  • Apple Cups 1.2

  • Apple Cups 1.2.0

  • Apple Cups 1.2.1

  • Apple Cups 1.2.10

  • Apple Cups 1.2.11

  • Apple Cups 1.2.12

  • Apple Cups 1.2.2

  • Apple Cups 1.2.3

  • Apple Cups 1.2.4

  • Apple Cups 1.2.5

  • Apple Cups 1.2.6

  • Apple Cups 1.2.7

  • Apple Cups 1.2.8

  • Apple Cups 1.2.9

  • Apple Cups 1.3

  • Apple Cups 1.3.0

  • Apple Cups 1.3.1

  • Apple Cups 1.3.10

  • Apple Cups 1.3.11

  • Apple Cups 1.3.2

  • Apple Cups 1.3.3

  • Apple Cups 1.3.4

  • Apple Cups 1.3.5

  • Apple Cups 1.3.6

  • Apple Cups 1.3.7

  • Apple Cups 1.3.8

  • Apple Cups 1.3.9

  • Apple Cups 1.4

  • Apple Cups 1.4.0

  • Apple Cups 1.4.1

  • Apple Cups 1.4.2

  • Apple Cups 1.4.3

  • Apple Cups 1.4.4

  • Apple Cups 1.4.5

  • Apple Cups 1.4.6

  • Apple Cups 1.4.7

  • Apple Cups 1.4.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=727800

CONFIRM - http://cups.org/str.php?L3914

XF - cups-gifreadlzw-function-bo(69380)

UBUNTU - USN-1207-1

SECTRACK - 1025980

BID - 49323

MANDRIVA - MDVSA-2011:147

MANDRIVA - MDVSA-2011:146

SECUNIA - 46024

SECUNIA - 45796

DEBIAN - DSA-2354

GENTOO - GLSA-201207-10

Related Patches

Novell SUSE 2011:5180 cups security update for SLE 11 SP1 i586

Novell SUSE 2011:7775 cups security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:21