CVE-2011-2896 - Vulnerability Details

Vendors	Products
Apple	Cups
Gimp	Gimp
Redhat	Enterprise Linux
Swi-prolog	Swi-prolog

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
cups-1:1.3.7-30.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2012:0302	2012-02-21T00:00:00Z
gimp-2:2.2.13-2.0.7.el5_8.5	cpe:/o:redhat:enterprise_linux:5	RHSA-2012:1181	2012-08-20T00:00:00Z
Red Hat Enterprise Linux 6
cups-1:1.4.2-44.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2011:1635	2011-12-05T00:00:00Z
gimp-2:2.6.9-4.el6_3.3	cpe:/o:redhat:enterprise_linux:6	RHSA-2012:1180	2012-08-20T00:00:00Z

Link	Providers
http://cups.org/str.php?L3867
http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html
http://rhn.redhat.com/errata/RHSA-2012-1180.html
http://rhn.redhat.com/errata/RHSA-2012-1181.html
http://secunia.com/advisories/45621
http://secunia.com/advisories/45900
http://secunia.com/advisories/45945
http://secunia.com/advisories/45948
http://secunia.com/advisories/46024
http://secunia.com/advisories/48236
http://secunia.com/advisories/48308
http://secunia.com/advisories/50737
http://security.gentoo.org/glsa/glsa-201209-23.xml
http://www.debian.org/security/2011/dsa-2354
http://www.debian.org/security/2012/dsa-2426
http://www.mandriva.com/security/advisories?name=MDVSA-2011:146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:167
http://www.openwall.com/lists/oss-security/2011/08/10/10
http://www.redhat.com/support/errata/RHSA-2011-1635.html
http://www.securityfocus.com/bid/49148
http://www.securitytracker.com/id?1025929
http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
http://www.ubuntu.com/usn/USN-1207-1
http://www.ubuntu.com/usn/USN-1214-1
https://bugzilla.redhat.com/show_bug.cgi?id=727800
https://bugzilla.redhat.com/show_bug.cgi?id=730338
https://nvd.nist.gov/vuln/detail/CVE-2011-2896
https://www.cve.org/CVERecord?id=CVE-2011-2896

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-20T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-2426", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2426"}, {"name": "FEDORA-2011-11318", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"}, {"name": "GLSA-201209-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cups.org/str.php?L3867"}, {"name": "[oss-security] 20110810 LZW decompression issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"}, {"name": "USN-1207-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1207-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"}, {"name": "RHSA-2012:1180", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"}, {"name": "48308", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48308"}, {"name": "DSA-2354", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2354"}, {"name": "45948", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45948"}, {"name": "RHSA-2012:1181", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"}, {"name": "46024", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46024"}, {"name": "45900", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45900"}, {"name": "RHSA-2011:1635", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"}, {"name": "FEDORA-2011-11221", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"}, {"name": "FEDORA-2011-11173", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"}, {"name": "49148", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49148"}, {"name": "MDVSA-2011:146", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"}, {"name": "FEDORA-2011-11305", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"}, {"name": "USN-1214-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1214-1"}, {"name": "50737", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50737"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"}, {"name": "MDVSA-2011:167", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"}, {"name": "FEDORA-2011-11197", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"}, {"name": "FEDORA-2011-11229", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"}, {"name": "48236", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48236"}, {"name": "1025929", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025929"}, {"name": "45621", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45621"}, {"name": "45945", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45945"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:15:31.669Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2426", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2426"}, {"name": "FEDORA-2011-11318", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"}, {"name": "GLSA-201209-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cups.org/str.php?L3867"}, {"name": "[oss-security] 20110810 LZW decompression issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"}, {"name": "USN-1207-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1207-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"}, {"name": "RHSA-2012:1180", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"}, {"name": "48308", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48308"}, {"name": "DSA-2354", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2354"}, {"name": "45948", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45948"}, {"name": "RHSA-2012:1181", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"}, {"name": "46024", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46024"}, {"name": "45900", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45900"}, {"name": "RHSA-2011:1635", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"}, {"name": "FEDORA-2011-11221", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"}, {"name": "FEDORA-2011-11173", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"}, {"name": "49148", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49148"}, {"name": "MDVSA-2011:146", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"}, {"name": "FEDORA-2011-11305", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"}, {"name": "USN-1214-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1214-1"}, {"name": "50737", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50737"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"}, {"name": "MDVSA-2011:167", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"}, {"name": "FEDORA-2011-11197", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"}, {"name": "FEDORA-2011-11229", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"}, {"name": "48236", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48236"}, {"name": "1025929", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025929"}, {"name": "45621", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45621"}, {"name": "45945", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45945"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2896", "datePublished": "2011-08-19T17:00:00", "dateReserved": "2011-07-27T00:00:00", "dateUpdated": "2024-08-06T23:15:31.669Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2011-08-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-07-20T17:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : DSA-2426 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2012/dsa-2426 (string)

}

1 : { »

name : FEDORA-2011-11318 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html (string)

}

2 : { »

name : GLSA-201209-23 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://security.gentoo.org/glsa/glsa-201209-23.xml (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://cups.org/str.php?L3867 (string)

}

4 : { »

name : [oss-security] 20110810 LZW decompression issues (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2011/08/10/10 (string)

}

5 : { »

name : USN-1207-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-1207-1 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=727800 (string)

}

7 : { »

name : RHSA-2012:1180 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1180.html (string)

}

8 : { »

name : 48308 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/48308 (string)

}

9 : { »

name : DSA-2354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2011/dsa-2354 (string)

}

10 : { »

name : 45948 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/45948 (string)

}

11 : { »

name : RHSA-2012:1181 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1181.html (string)

}

12 : { »

name : 46024 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/46024 (string)

}

13 : { »

name : 45900 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/45900 (string)

}

14 : { »

name : RHSA-2011:1635 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1635.html (string)

}

15 : { »

name : FEDORA-2011-11221 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html (string)

}

16 : { »

name : FEDORA-2011-11173 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=730338 (string)

}

18 : { »

name : 49148 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/49148 (string)

}

19 : { »

name : MDVSA-2011:146 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 (string)

}

20 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 (string)

}

21 : { »

name : FEDORA-2011-11305 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html (string)

}

22 : { »

name : USN-1214-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-1214-1 (string)

}

23 : { »

name : 50737 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/50737 (string)

}

24 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc (string)

}

25 : { »

name : MDVSA-2011:167 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 (string)

}

26 : { »

name : FEDORA-2011-11197 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html (string)

}

27 : { »

name : FEDORA-2011-11229 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html (string)

}

28 : { »

name : 48236 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/48236 (string)

}

29 : { »

name : 1025929 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1025929 (string)

}

30 : { »

name : 45621 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/45621 (string)

}

31 : { »

name : 45945 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/45945 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T23:15:31.669Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : DSA-2426 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2012/dsa-2426 (string)

}

1 : { »

name : FEDORA-2011-11318 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html (string)

}

2 : { »

name : GLSA-201209-23 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://security.gentoo.org/glsa/glsa-201209-23.xml (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://cups.org/str.php?L3867 (string)

}

4 : { »

name : [oss-security] 20110810 LZW decompression issues (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2011/08/10/10 (string)

}

5 : { »

name : USN-1207-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-1207-1 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=727800 (string)

}

7 : { »

name : RHSA-2012:1180 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1180.html (string)

}

8 : { »

name : 48308 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/48308 (string)

}

9 : { »

name : DSA-2354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2011/dsa-2354 (string)

}

10 : { »

name : 45948 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/45948 (string)

}

11 : { »

name : RHSA-2012:1181 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1181.html (string)

}

12 : { »

name : 46024 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/46024 (string)

}

13 : { »

name : 45900 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/45900 (string)

}

14 : { »

name : RHSA-2011:1635 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1635.html (string)

}

15 : { »

name : FEDORA-2011-11221 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html (string)

}

16 : { »

name : FEDORA-2011-11173 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=730338 (string)

}

18 : { »

name : 49148 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/49148 (string)

}

19 : { »

name : MDVSA-2011:146 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 (string)

}

20 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 (string)

}

21 : { »

name : FEDORA-2011-11305 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html (string)

}

22 : { »

name : USN-1214-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-1214-1 (string)

}

23 : { »

name : 50737 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/50737 (string)

}

24 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc (string)

}

25 : { »

name : MDVSA-2011:167 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 (string)

}

26 : { »

name : FEDORA-2011-11197 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html (string)

}

27 : { »

name : FEDORA-2011-11229 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html (string)

}

28 : { »

name : 48236 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/48236 (string)

}

29 : { »

name : 1025929 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1025929 (string)

}

30 : { »

name : 45621 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/45621 (string)

}

31 : { »

name : 45945 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/45945 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2011-2896 (string)

datePublished : 2011-08-19T17:00:00 (string)

dateReserved : 2011-07-27T00:00:00 (string)

dateUpdated : 2024-08-06T23:15:31.669Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*", "matchCriteriaId": "306F1543-3DA7-4374-9705-0702A78E9A87", "versionEndIncluding": "5.10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "580C1D10-6677-4636-9626-7B4FA3CFEA5C", "versionEndIncluding": "1.4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F771B1-B26F-4429-AC0F-ED8C2740B1F9", "versionEndIncluding": "2.6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."}, {"lang": "es", "value": "El descompresor LZW en (1) la funci\u00f3n LWZReadByte en giftoppm.c en el David Koblas GIF decoder en PBMPLUS, tal y como se utiliza en la funci\u00f3n gif_read_lzw en filter/image-gif.c en CUPS antes de la versi\u00f3n v1.4.7, (2) la funci\u00f3n LZWReadByte en plug-ins/common/file-gif-load.c en GIMP v2.6.11 y anteriores, (3) la funci\u00f3n LZWReadByte en img/gifread.c en XPCE en SWI-Prolog v5.10.4 y anteriores, y (4) otros productos, no controla correctamente las palabras de c\u00f3digo que est\u00e1n ausentes de la tabla de descompresi\u00f3n, lo que permite provocar a atacantes remotos un bucle infinito o un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), y posiblemente, ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de un flujo o fichero comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011 2895.\r\n"}], "id": "CVE-2011-2896", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-08-19T17:55:03.317", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://cups.org/str.php?L3867"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45621"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45900"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45945"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45948"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/46024"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/48236"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/48308"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/50737"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2354"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2426"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/49148"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025929"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1207-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1214-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://cups.org/str.php?L3867"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45945"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/45948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/46024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/48236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/48308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/50737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1635.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/49148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1025929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1207-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1214-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730338"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 306F1543-3DA7-4374-9705-0702A78E9A87 (string)

versionEndIncluding : 5.10.4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 580C1D10-6677-4636-9626-7B4FA3CFEA5C (string)

versionEndIncluding : 1.4.6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B0F771B1-B26F-4429-AC0F-ED8C2740B1F9 (string)

versionEndIncluding : 2.6.11 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. (string)

}

1 : { »

lang : es (string)

value : El descompresor LZW en (1) la función LWZReadByte en giftoppm.c en el David Koblas GIF decoder en PBMPLUS, tal y como se utiliza en la función gif_read_lzw en filter/image-gif.c en CUPS antes de la versión v1.4.7, (2) la función LZWReadByte en plug-ins/common/file-gif-load.c en GIMP v2.6.11 y anteriores, (3) la función LZWReadByte en img/gifread.c en XPCE en SWI-Prolog v5.10.4 y anteriores, y (4) otros productos, no controla correctamente las palabras de código que están ausentes de la tabla de descompresión, lo que permite provocar a atacantes remotos un bucle infinito o un desbordamiento de búfer basado en memoria dinámica (heap), y posiblemente, ejecutar código de su elección, a través de un flujo o fichero comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011 2895. (string)

}

]

id : CVE-2011-2896 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : HIGH (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:H/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 4.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2011-08-19T17:55:03.317 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : http://cups.org/str.php?L3867 (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html (string)

}

4 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html (string)

}

5 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html (string)

}

6 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html (string)

}

7 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html (string)

}

8 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1180.html (string)

}

9 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1181.html (string)

}

10 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45621 (string)

}

11 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45900 (string)

}

12 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45945 (string)

}

13 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45948 (string)

}

14 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/46024 (string)

}

15 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/48236 (string)

}

16 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/48308 (string)

}

17 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/50737 (string)

}

18 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://security.gentoo.org/glsa/glsa-201209-23.xml (string)

}

19 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2011/dsa-2354 (string)

}

20 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2012/dsa-2426 (string)

}

21 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 (string)

}

22 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 (string)

}

23 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2011/08/10/10 (string)

}

24 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1635.html (string)

}

25 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/49148 (string)

}

26 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1025929 (string)

}

27 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 (string)

}

28 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-1207-1 (string)

}

29 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-1214-1 (string)

}

30 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=727800 (string)

}

31 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=730338 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : http://cups.org/str.php?L3867 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1180.html (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1181.html (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45621 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45900 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45945 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/45948 (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/46024 (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/48236 (string)

}

48 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/48308 (string)

}

49 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://secunia.com/advisories/50737 (string)

}

50 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://security.gentoo.org/glsa/glsa-201209-23.xml (string)

}

51 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2011/dsa-2354 (string)

}

52 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2012/dsa-2426 (string)

}

53 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 (string)

}

54 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:167 (string)

}

55 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2011/08/10/10 (string)

}

56 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.redhat.com/support/errata/RHSA-2011-1635.html (string)

}

57 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/49148 (string)

}

58 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1025929 (string)

}

59 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 (string)

}

60 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-1207-1 (string)

}

61 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-1214-1 (string)

}

62 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=727800 (string)

}

63 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=730338 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2012:0302", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "low", "package": "cups-1:1.3.7-30.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-02-21T00:00:00Z"}, {"advisory": "RHSA-2012:1181", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "gimp-2:2.2.13-2.0.7.el5_8.5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-08-20T00:00:00Z"}, {"advisory": "RHSA-2011:1635", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "low", "package": "cups-1:1.4.2-44.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-12-05T00:00:00Z"}, {"advisory": "RHSA-2012:1180", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "gimp-2:2.6.9-4.el6_3.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-08-20T00:00:00Z"}], "bugzilla": {"description": "David Koblas' GIF decoder LZW decoder buffer overflow", "id": "727800", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=727800"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895."], "name": "CVE-2011-2896", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "impact": "low", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "gdk-pixbuf", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "gtk2", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "tk", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gdk-pixbuf", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gtk2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "tk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gtk2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ocaml", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "impact": "low", "package_name": "pl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tk", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-08-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-2896\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2896"], "statement": "Vulnerable. This issue affects the versions of cups as shipped with Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact for the cups package. A future update may address this issue in the cups package for Red Hat Enterprise Linux 4, 5, and 6. For additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2012:0302 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

impact : low (string)

package : cups-1:1.3.7-30.el5 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2012-02-21T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2012:1181 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : gimp-2:2.2.13-2.0.7.el5_8.5 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2012-08-20T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2011:1635 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

impact : low (string)

package : cups-1:1.4.2-44.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2011-12-05T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2012:1180 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : gimp-2:2.6.9-4.el6_3.3 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2012-08-20T00:00:00Z (string)

}

]

bugzilla : { »

description : David Koblas' GIF decoder LZW decoder buffer overflow (string)

id : 727800 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=727800 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 5.1 (string)

cvss_scoring_vector : AV:N/AC:H/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

details : [ »

0 : The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. (string)

]

name : CVE-2011-2896 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

fix_state : Will not fix (string)

impact : low (string)

package_name : cups (string)

product_name : Red Hat Enterprise Linux 4 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

fix_state : Not affected (string)

package_name : gd (string)

product_name : Red Hat Enterprise Linux 4 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

fix_state : Not affected (string)

package_name : gdk-pixbuf (string)

product_name : Red Hat Enterprise Linux 4 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

fix_state : Will not fix (string)

package_name : gimp (string)

product_name : Red Hat Enterprise Linux 4 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

fix_state : Not affected (string)

package_name : gtk2 (string)

product_name : Red Hat Enterprise Linux 4 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

fix_state : Not affected (string)

package_name : php (string)

product_name : Red Hat Enterprise Linux 4 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:4 (string)

fix_state : Not affected (string)

package_name : tk (string)

product_name : Red Hat Enterprise Linux 4 (string)

}

7 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : gd (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

8 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : gdk-pixbuf (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

9 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : gtk2 (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

10 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : php (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

11 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : php53 (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

12 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : tk (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

13 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : gd (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

14 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : gtk2 (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

15 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Will not fix (string)

package_name : ocaml (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

16 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : php (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

17 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Will not fix (string)

impact : low (string)

package_name : pl (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

18 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : tk (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

]

public_date : 2011-08-10T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2011-2896 https://nvd.nist.gov/vuln/detail/CVE-2011-2896 (string)

]

statement : Vulnerable. This issue affects the versions of cups as shipped with Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact for the cups package. A future update may address this issue in the cups package for Red Hat Enterprise Linux 4, 5, and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. (string)

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object