CVE-2011-2896

medium

Description

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.

References

http://cups.org/str.php?L3867

http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html

http://rhn.redhat.com/errata/RHSA-2012-1180.html

http://rhn.redhat.com/errata/RHSA-2012-1181.html

http://secunia.com/advisories/45621

http://secunia.com/advisories/45900

http://secunia.com/advisories/45945

http://secunia.com/advisories/45948

http://secunia.com/advisories/46024

http://secunia.com/advisories/48236

http://secunia.com/advisories/48308

http://secunia.com/advisories/50737

http://security.gentoo.org/glsa/glsa-201209-23.xml

http://www.debian.org/security/2011/dsa-2354

http://www.debian.org/security/2012/dsa-2426

http://www.mandriva.com/security/advisories?name=MDVSA-2011:146

http://www.mandriva.com/security/advisories?name=MDVSA-2011:167

http://www.openwall.com/lists/oss-security/2011/08/10/10

http://www.redhat.com/support/errata/RHSA-2011-1635.html

http://www.securityfocus.com/bid/49148

http://www.securitytracker.com/id?1025929

http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4

http://www.ubuntu.com/usn/USN-1207-1

http://www.ubuntu.com/usn/USN-1214-1

https://bugzilla.redhat.com/show_bug.cgi?id=727800

https://bugzilla.redhat.com/show_bug.cgi?id=730338

Details

Source: MITRE

Published: 2011-08-19

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:swi-prolog:swi-prolog:2.7.14:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:2.7.15:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:2.7.19:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:2.9.7:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:2.9.9:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:2.9.11:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:3.3.10:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.2.13:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.50:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.51:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.52:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.53:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.54:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.55:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.56:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.57:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.58:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.59:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.61:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.62:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.63:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.6.64:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.8.0:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.8.1:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.8.2:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.8.3:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.10.0:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.10.1:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.10.2:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:5.10.3:*:*:*:*:*:*:*

cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:* versions up to 5.10.4 (inclusive)

Configuration 2

OR

cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:b1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:b2:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:b3:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4:rc1:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* versions up to 1.4.6 (inclusive)

Configuration 3

OR

cpe:2.3:a:gimp:gimp:2.6.8:*:*:*:*:*:*:*

cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:* versions up to 2.6.11 (inclusive)

cpe:2.3:a:gnu:gimp:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.2.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.4.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:gimp:2.6.10:*:*:*:*:*:*:*

Tenable Plugins

View all (37 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75850 | openSUSE Security Update : gimp (openSUSE-SU-2011:1152-1) | Nessus | SuSE Local Security Checks | medium |
| 75515 | openSUSE Security Update : gimp (openSUSE-SU-2011:1152-1) | Nessus | SuSE Local Security Checks | medium |
| 68601 | Oracle Linux 5 : gimp (ELSA-2012-1181) | Nessus | Oracle Linux Local Security Checks | high |
| 68600 | Oracle Linux 6 : gimp (ELSA-2012-1180) | Nessus | Oracle Linux Local Security Checks | medium |
| 68473 | Oracle Linux 5 : cups (ELSA-2012-0302) | Nessus | Oracle Linux Local Security Checks | medium |
| 62379 | GLSA-201209-23 : GIMP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 61606 | Scientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820) | Nessus | Scientific Linux Local Security Checks | medium |
| 61605 | Scientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820) | Nessus | Scientific Linux Local Security Checks | high |
| 61604 | RHEL 5 : gimp (RHSA-2012:1181) | Nessus | Red Hat Local Security Checks | high |
| 61603 | RHEL 6 : gimp (RHSA-2012:1180) | Nessus | Red Hat Local Security Checks | medium |
| 61600 | CentOS 5 : gimp (CESA-2012:1181) | Nessus | CentOS Local Security Checks | high |
| 61599 | CentOS 6 : gimp (CESA-2012:1180) | Nessus | CentOS Local Security Checks | medium |
| 61259 | Scientific Linux Security Update : cups on SL5.x i386/x86_64 (20120221) | Nessus | Scientific Linux Local Security Checks | medium |
| 61186 | Scientific Linux Security Update : cups on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 58250 | Debian DSA-2426-1 : gimp - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 58056 | RHEL 5 : cups (RHSA-2012:0302) | Nessus | Red Hat Local Security Checks | medium |
| 57200 | SuSE 10 Security Update : Gimp (ZYPP Patch Number 7776) | Nessus | SuSE Local Security Checks | medium |
| 57172 | SuSE 10 Security Update : CUPS (ZYPP Patch Number 7775) | Nessus | SuSE Local Security Checks | medium |
| 57104 | SuSE 11.1 Security Update : Gimp (SAT Patch Number 5193) | Nessus | SuSE Local Security Checks | medium |
| 57094 | SuSE 11.1 Security Update : CUPS (SAT Patch Number 5180) | Nessus | SuSE Local Security Checks | medium |
| 57018 | RHEL 6 : cups (RHSA-2011:1635) | Nessus | Red Hat Local Security Checks | medium |
| 56982 | Debian DSA-2354-1 : cups - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 56726 | Mandriva Linux Security Advisory : gimp (MDVSA-2011:167) | Nessus | Mandriva Local Security Checks | medium |
| 56603 | SuSE 10 Security Update : CUPS (ZYPP Patch Number 7774) | Nessus | SuSE Local Security Checks | medium |
| 56447 | Mandriva Linux Security Advisory : cups (MDVSA-2011:146) | Nessus | Mandriva Local Security Checks | medium |
| 56280 | Ubuntu 10.04 LTS / 10.10 / 11.04 : gimp vulnerability (USN-1214-1) | Nessus | Ubuntu Local Security Checks | medium |
| 56206 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : cups, cupsys vulnerabilities (USN-1207-1) | Nessus | Ubuntu Local Security Checks | medium |
| 56149 | Fedora 16 : pl-5.10.2-5.fc16 (2011-11229) | Nessus | Fedora Local Security Checks | medium |
| 56148 | Fedora 14 : cups-1.4.8-2.fc14 (2011-11221) | Nessus | Fedora Local Security Checks | medium |
| 56132 | Fedora 14 : pl-5.7.11-7.fc14 (2011-11318) | Nessus | Fedora Local Security Checks | medium |
| 56131 | Fedora 15 : pl-5.10.2-5.fc15 (2011-11305) | Nessus | Fedora Local Security Checks | medium |
| 56014 | Fedora 16 : cups-1.5.0-6.fc16 (2011-11173) | Nessus | Fedora Local Security Checks | medium |
| 56007 | CUPS < 1.4.7 'gif_read_lzw' Buffer Overflow | Nessus | Misc. | medium |
| 55990 | Fedora 15 : cups-1.4.8-2.fc15 (2011-11197) | Nessus | Fedora Local Security Checks | medium |
| 55951 | Fedora 14 : gimp-2.6.11-21.fc14 (2011-10782) | Nessus | Fedora Local Security Checks | medium |
| 55949 | Fedora 16 : gimp-2.6.11-21.fc16 (2011-10761) | Nessus | Fedora Local Security Checks | medium |
| 55911 | Fedora 15 : gimp-2.6.11-21.fc15 (2011-10788) | Nessus | Fedora Local Security Checks | medium |