CUPS < 1.4.7 'gif_read_lzw' Buffer Overflow

Medium Nessus Plugin ID 56007


Synopsis

The remote print service is affected by a buffer overflow vulnerability.


Description

According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.7.

There is a boundary error in the function 'gif_read_lzw' in the file 'filter/image-gif.c' that can allow an attacker to cause a heap-based buffer overflow via specially crafted GIF images.


Solution

Upgrade to CUPS version 1.4.7 or later.

Plugin Details

Severity: Medium

ID: 56007

File Name: cups_1_4_7.nasl

Version: $Revision: 1.8 $

Type: remote

Family: Misc.

Published: 2011/08/29

Modified: 2017/05/16

Dependencies: 10107, 29727

Risk Information

Risk Factor: Medium


Base Score: 5.1

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:cups

Required KB Items: www/cups, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/06/21

Vulnerability Publication Date: 2011/06/21

Reference Information

CVE: CVE-2011-2896

BID: 49148

OSVDB: 74539