CVE-2011-2895
BSD compress LZW decoder buffer overflow
Public Exploits: 0
Descriptions
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Timeline
- 2011-07-27 CVE Reserved
- 2011-08-12 CVE Published
- 2024-05-28 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (39)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/45986 | Third Party Advisory | |
http://secunia.com/advisories/46127 | Third Party Advisory | |
http://secunia.com/advisories/48951 | Third Party Advisory | |
http://securitytracker.com/id?1025920 | Vdb Entry | |
http://support.apple.com/kb/HT5130 | X_refsource_confirm | |
http://support.apple.com/kb/HT5281 | X_refsource_confirm | |
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2011/08/10/10 | Mailing List | |
http://www.securityfocus.com/bid/49124 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 | Vdb Entry | |
https://support.apple.com/HT205635 | X_refsource_confirm | |
https://support.apple.com/HT205637 | X_refsource_confirm | |
https://support.apple.com/HT205640 | X_refsource_confirm | |
https://support.apple.com/HT205641 | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Freetype | Freetype | 2.1.9 | - | Affected |
X | Libxfont | <= 1.4.3 | - | Affected |
X | Libxfont | 1.2.0 | - | Affected |
X | Libxfont | 1.2.1 | - | Affected |
X | Libxfont | 1.2.2 | - | Affected |
X | Libxfont | 1.2.3 | - | Affected |
X | Libxfont | 1.2.4 | - | Affected |
X | Libxfont | 1.2.5 | - | Affected |
X | Libxfont | 1.2.6 | - | Affected |
X | Libxfont | 1.2.7 | - | Affected |
X | Libxfont | 1.2.8 | - | Affected |
X | Libxfont | 1.2.9 | - | Affected |
X | Libxfont | 1.3.0 | - | Affected |
X | Libxfont | 1.3.1 | - | Affected |
X | Libxfont | 1.3.2 | - | Affected |
X | Libxfont | 1.3.3 | - | Affected |
X | Libxfont | 1.3.4 | - | Affected |
X | Libxfont | 1.4.0 | - | Affected |
X | Libxfont | 1.4.1 | - | Affected |
X | Libxfont | 1.4.2 | - | Affected |
Freebsd | Freebsd | * | - | Affected |
Netbsd | Netbsd | * | - | Affected |
Openbsd | Openbsd | <= 3.7 | - | Affected |
Openbsd | Openbsd | 2.0 | - | Affected |
Openbsd | Openbsd | 2.1 | - | Affected |
Openbsd | Openbsd | 2.2 | - | Affected |
Openbsd | Openbsd | 2.3 | - | Affected |
Openbsd | Openbsd | 2.4 | - | Affected |
Openbsd | Openbsd | 2.5 | - | Affected |
Openbsd | Openbsd | 2.6 | - | Affected |
Openbsd | Openbsd | 2.7 | - | Affected |
Openbsd | Openbsd | 2.8 | - | Affected |
Openbsd | Openbsd | 2.9 | - | Affected |
Openbsd | Openbsd | 3.0 | - | Affected |
Openbsd | Openbsd | 3.1 | - | Affected |
Openbsd | Openbsd | 3.2 | - | Affected |
Openbsd | Openbsd | 3.3 | - | Affected |
Openbsd | Openbsd | 3.4 | - | Affected |
Openbsd | Openbsd | 3.5 | - | Affected |
Openbsd | Openbsd | 3.6 | - | Affected |