CVE-2011-2895

HIGH

Description

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
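The check the description says is missing, as an added example that is not the libXfont, BSD or FreeType code: a simplified LZW decoder that rejects any code word the table does not yet contain, and bounds both the prefix-chain walk and the output write. The function name, the 12-bit table size, the absence of a clear code and the already-unpacked code-word input are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

#define FIRST    256   /* codes 0..255 are literal bytes */
#define MAXCODES 4096  /* 12-bit table, size assumed for this example */

/* Decode unpacked LZW code words; returns bytes written, or -1 on a
 * malformed stream or when out is too small. */
long lzw_decode(const uint16_t *codes, size_t ncodes,
                unsigned char *out, size_t outcap)
{
    uint16_t prefix[MAXCODES];
    unsigned char suffix[MAXCODES], stack[MAXCODES], finchar = 0;
    unsigned free_ent = FIRST;  /* next table slot to be written */
    long oldcode = -1;          /* no previous code yet */
    size_t n = 0;

    for (size_t i = 0; i < ncodes; i++) {
        unsigned code = codes[i], incode = code;
        size_t sp = 0;
        /* A code above free_ent names an entry that was never written.
         * code == free_ent (KwKwK) is legal only after a previous code
         * and while the table still has a free slot. */
        if (code > free_ent || code >= MAXCODES ||
            (code == free_ent && oldcode < 0))
            return -1;
        if (code == free_ent) {          /* KwKwK: old string + its first byte */
            stack[sp++] = finchar;
            code = (unsigned)oldcode;
        }
        while (code >= FIRST) {          /* walk the prefix chain, bounded */
            if (sp + 1 >= sizeof stack) return -1;
            stack[sp++] = suffix[code];
            code = prefix[code];
        }
        stack[sp++] = finchar = (unsigned char)code;
        if (sp > outcap - n) return -1;  /* never write past the output buffer */
        while (sp > 0) out[n++] = stack[--sp];
        if (oldcode >= 0 && free_ent < MAXCODES) {
            prefix[free_ent] = (uint16_t)oldcode;
            suffix[free_ent++] = finchar;
        }
        oldcode = incode;
    }
    return (long)n;
}
```

Without the first check, a code word above `free_ent` sends the chain walk through table slots that were never initialized, which is where the infinite loop and the overflow of the decode stack come from.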

References

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html

http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html

http://secunia.com/advisories/45544

http://secunia.com/advisories/45568

http://secunia.com/advisories/45599

http://secunia.com/advisories/45986

http://secunia.com/advisories/46127

http://secunia.com/advisories/48951

http://securitytracker.com/id?1025920

http://support.apple.com/kb/HT5130

http://support.apple.com/kb/HT5281

http://www.debian.org/security/2011/dsa-2293

http://www.mandriva.com/security/advisories?name=MDVSA-2011:153

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17

http://www.openwall.com/lists/oss-security/2011/08/10/10

http://www.redhat.com/support/errata/RHSA-2011-1154.html

http://www.redhat.com/support/errata/RHSA-2011-1155.html

http://www.redhat.com/support/errata/RHSA-2011-1161.html

http://www.redhat.com/support/errata/RHSA-2011-1834.html

http://www.securityfocus.com/bid/49124

http://www.ubuntu.com/usn/USN-1191-1

https://bugzilla.redhat.com/show_bug.cgi?id=725760

https://bugzilla.redhat.com/show_bug.cgi?id=727624

https://exchange.xforce.ibmcloud.com/vulnerabilities/69141

https://support.apple.com/HT205635

https://support.apple.com/HT205637

https://support.apple.com/HT205640

https://support.apple.com/HT205641

Details

Source: MITRE

Published: 2011-08-19

Updated: 2017-08-29

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:* versions up to 1.4.3 (inclusive)

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:* versions up to 3.7 (inclusive)

Tenable Plugins


ID | Name | Product | Family | Severity
131849 | EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357) | Nessus | Huawei Local Security Checks | high
94050 | Apple TV < 9.1 Multiple Vulnerabilities | Nessus | Misc. | high
9325 | Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high
9329 | Apple iOS < 9.2 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high
87321 | Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008) | Nessus | MacOS X Local Security Checks | critical
87314 | Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
87310 | Apple iOS < 9.2 Multiple Vulnerabilities | Nessus | Mobile Devices | critical
75910 | openSUSE Security Update : libpciaccess0 (openSUSE-SU-2011:1299-1) | Nessus | SuSE Local Security Checks | high
75600 | openSUSE Security Update : libpciaccess0 (openSUSE-SU-2011:1299-1) | Nessus | SuSE Local Security Checks | high
72637 | GLSA-201402-23 : libXfont: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
68325 | Oracle Linux 4 : freetype (ELSA-2011-1161) | Nessus | Oracle Linux Local Security Checks | high
68323 | Oracle Linux 4 : xorg-x11 (ELSA-2011-1155) | Nessus | Oracle Linux Local Security Checks | high
68322 | Oracle Linux 5 / 6 : libXfont (ELSA-2011-1154) | Nessus | Oracle Linux Local Security Checks | high
64016 | RHEL 5 : libXfont (RHSA-2011:1834) | Nessus | Red Hat Local Security Checks | high
61111 | Scientific Linux Security Update : freetype on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
61109 | Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
61108 | Scientific Linux Security Update : libXfont on SL5.x, SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
6482 | Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical
59066 | Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical
6303 | Mac OS X 10.7 < 10.7.3 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical
57798 | Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST) | Nessus | MacOS X Local Security Checks | critical
57797 | Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical
57743 | FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8) | Nessus | FreeBSD Local Security Checks | high
57269 | SuSE 10 Security Update : Xorg-X11 (ZYPP Patch Number 7759) | Nessus | SuSE Local Security Checks | high
57198 | SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7872) | Nessus | SuSE Local Security Checks | high
57117 | SuSE 11.1 Security Update : Xorg X11 (SAT Patch Number 5103) | Nessus | SuSE Local Security Checks | high
56531 | Mandriva Linux Security Advisory : libxfont (MDVSA-2011:153) | Nessus | Mandriva Local Security Checks | high
56270 | CentOS 5 : libXfont (CESA-2011:1154) | Nessus | CentOS Local Security Checks | high
55861 | CentOS 4 : freetype (CESA-2011:1161) | Nessus | CentOS Local Security Checks | high
55858 | Ubuntu 10.04 LTS / 10.10 / 11.04 : libxfont vulnerability (USN-1191-1) | Nessus | Ubuntu Local Security Checks | high
55856 | RHEL 4 : freetype (RHSA-2011:1161) | Nessus | Red Hat Local Security Checks | high
55841 | Debian DSA-2293-1 : libxfont - buffer overflow | Nessus | Debian Local Security Checks | high
55840 | CentOS 4 : xorg-x11 (CESA-2011:1155) | Nessus | CentOS Local Security Checks | high
55825 | RHEL 4 : xorg-x11 (RHSA-2011:1155) | Nessus | Red Hat Local Security Checks | high
55824 | RHEL 5 / 6 : libXfont (RHSA-2011:1154) | Nessus | Red Hat Local Security Checks | high
55821 | FreeBSD : libXfont -- possible local privilege escalation (304409c3-c3ef-11e0-8aa5-485d60cb5385) | Nessus | FreeBSD Local Security Checks | high