Heap-based buffer overflow in CUPS - CVE-2011-2896
Published: August 19, 2011 / Updated: July 28, 2020
CUPS
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the LZW decompressor. The LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when they are encountered. A remote attacker can use a crafted compressed stream to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
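The table check that the affected decoders lacked, shown as an added example: a small GIF-style LZW decoder in C written for this page, not code from CUPS, GIMP, SWI-Prolog or PBMPLUS. It assumes the code words have already been unpacked from the bit stream; the function names `lzw_decode` and `demo_*`, the `LZW_MAX_CODES` constant and the sample streams are constructed for the example. A code word is accepted only if it names an entry that already exists or is exactly the next free slot (the standard KwKwK case); anything beyond that is rejected instead of being used to walk unfilled table slots, and the output buffer capacity is checked before every copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define LZW_MAX_CODES 4096   /* GIF LZW code width is capped at 12 bits */

/*
 * Decode GIF-style LZW code words that have already been unpacked from the
 * bit stream (bit unpacking is left out to focus on table handling).
 * Returns the number of bytes written to 'out', or -1 if the stream is
 * malformed or would not fit in 'out'.
 */
long lzw_decode(const uint16_t *codes, size_t ncodes, int min_code_size,
                uint8_t *out, size_t out_cap)
{
    uint16_t prefix[LZW_MAX_CODES];   /* prefix[k]: code of the string that entry k extends */
    uint8_t  suffix[LZW_MAX_CODES];   /* suffix[k]: last byte of entry k */
    uint8_t  str[LZW_MAX_CODES];      /* scratch: one expanded string, built back to front */

    if (min_code_size < 2 || min_code_size > 8)
        return -1;

    const int clear = 1 << min_code_size;   /* reset-table code */
    const int eoi   = clear + 1;            /* end-of-information code */
    int next_free   = clear + 2;            /* first unused table slot */
    int prev        = -1;                   /* previous code; -1 right after a clear */
    size_t outlen   = 0;

    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i];

        if (code == clear) { next_free = clear + 2; prev = -1; continue; }
        if (code == eoi)   break;

        /* The validation the vulnerable decoders lacked: a code word must name an
         * entry that already exists, or be exactly the next slot (KwKwK case).
         * Anything larger would read table slots that were never filled. */
        if (code >= LZW_MAX_CODES || code > next_free)
            return -1;
        if (code == next_free && prev < 0)
            return -1;   /* KwKwK is only meaningful with a predecessor string */

        /* Expand string(code), or for KwKwK string(prev) followed by its first byte. */
        int c = (code == next_free) ? prev : code;
        size_t pos = LZW_MAX_CODES;
        while (c >= clear) {          /* every prefix points to a lower slot, so this terminates */
            str[--pos] = suffix[c];
            c = prefix[c];
        }
        str[--pos] = (uint8_t)c;      /* chain ends at a literal byte value */

        size_t len    = LZW_MAX_CODES - pos;
        uint8_t first = str[pos];
        size_t extra  = (code == next_free) ? 1 : 0;

        if (outlen + len + extra > out_cap)   /* second guard: never overrun the caller's buffer */
            return -1;
        memcpy(out + outlen, str + pos, len);
        outlen += len;
        if (extra)
            out[outlen++] = first;

        /* Add string(prev) + first byte of this string as a new table entry. */
        if (prev >= 0 && next_free < LZW_MAX_CODES) {
            prefix[next_free] = (uint16_t)prev;
            suffix[next_free] = first;
            next_free++;
        }
        prev = code;
    }
    return (long)outlen;
}

/* Constructed sample streams, min_code_size 2: clear=4, eoi=5, first free slot=6. */

/* Valid encoding of five 1-valued pixels: literal 1, KwKwK code 6, then 6 again.
 * Returns 5 when all five decoded bytes equal 1, -2 on a content mismatch. */
long demo_valid_stream(void)
{
    static const uint16_t codes[] = { 4, 1, 6, 6, 5 };
    uint8_t out[16];
    long n = lzw_decode(codes, sizeof codes / sizeof codes[0], 2, out, sizeof out);
    for (long i = 0; i < n; i++)
        if (out[i] != 1) return -2;
    return n;
}

/* Malformed: code 7 arrives while only slots up to 6 may be referenced. */
long demo_absent_code(void)
{
    static const uint16_t codes[] = { 4, 1, 7, 5 };
    uint8_t out[16];
    return lzw_decode(codes, sizeof codes / sizeof codes[0], 2, out, sizeof out);
}

/* Valid stream but a 3-byte output buffer: rejected instead of overrun. */
long demo_small_output(void)
{
    static const uint16_t codes[] = { 4, 1, 6, 6, 5 };
    uint8_t out[3];
    return lzw_decode(codes, sizeof codes / sizeof codes[0], 2, out, sizeof out);
}

int main(void)
{
    printf("valid stream: %ld bytes decoded\n", demo_valid_stream());
    printf("absent code word: %ld (rejected)\n", demo_absent_code());
    printf("output too small: %ld (rejected)\n", demo_small_output());
    return 0;
}
```

The `code > next_free` test is the whole fix: a conforming encoder can never emit a code word above the next free slot, so rejecting it costs nothing for valid GIFs and turns a crafted stream into a clean decode error.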
How to mitigate CVE-2011-2896
Update CUPS to version 1.4.7 or later. For the other affected products (GIMP 2.6.11 and earlier, XPCE in SWI-Prolog 5.10.4 and earlier), apply the vendor updates referenced in the sources below.
Sources
- http://cups.org/str.php?L3867
- http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html
- http://rhn.redhat.com/errata/RHSA-2012-1180.html
- http://rhn.redhat.com/errata/RHSA-2012-1181.html
- http://secunia.com/advisories/45621
- http://secunia.com/advisories/45900
- http://secunia.com/advisories/45945
- http://secunia.com/advisories/45948
- http://secunia.com/advisories/46024
- http://secunia.com/advisories/48236
- http://secunia.com/advisories/48308
- http://secunia.com/advisories/50737
- http://security.gentoo.org/glsa/glsa-201209-23.xml
- http://www.debian.org/security/2011/dsa-2354
- http://www.debian.org/security/2012/dsa-2426
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:146
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:167
- http://www.openwall.com/lists/oss-security/2011/08/10/10
- http://www.redhat.com/support/errata/RHSA-2011-1635.html
- http://www.securityfocus.com/bid/49148
- http://www.securitytracker.com/id?1025929
- http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
- http://www.ubuntu.com/usn/USN-1207-1
- http://www.ubuntu.com/usn/USN-1214-1
- https://bugzilla.redhat.com/show_bug.cgi?id=727800
- https://bugzilla.redhat.com/show_bug.cgi?id=730338