CVE-2011-2896

NameCVE-2011-2896
DescriptionThe LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2354-1, DSA-2426-1
Debian Bugs643753

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)buster, buster (security)2.2.10-6+deb10u6fixed
bullseye (security), bullseye2.3.3op2-3+deb11u2fixed
bookworm, sid2.4.2-2fixed
gimp (PTS)buster2.10.8-2fixed
bullseye2.10.22-4fixed
bookworm, sid2.10.34-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssourcelenny1.3.8-1+lenny10DSA-2354-1
cupssourcesqueeze1.4.4-7+squeeze1DSA-2354-1
cupssource(unstable)1.5.0-8
gimpsourcesqueeze2.6.10-1+squeeze3DSA-2426-1
gimpsource(unstable)2.6.11-5643753

Search for package or bug name: Reporting problems