CVE-2011-2896

NameCVE-2011-2896
DescriptionThe LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2354-1, DSA-2426-1
NVD severitymedium (attack range: remote, user-initiated)
Debian Bugs643753
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)squeeze1.4.4-7+squeeze5fixed
squeeze (security)1.4.4-7+squeeze4fixed
squeeze (lts)1.4.4-7+squeeze7fixed
wheezy1.5.3-5+deb7u4fixed
wheezy (security)1.5.3-5+deb7u5fixed
jessie, sid1.7.5-11fixed
gimp (PTS)squeeze (security), squeeze2.6.10-1+squeeze4fixed
wheezy, wheezy (security)2.8.2-2+deb7u1fixed
jessie, sid2.8.14-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)1.5.0-8medium
cupssourcelenny1.3.8-1+lenny10mediumDSA-2354-1
cupssourcesqueeze1.4.4-7+squeeze1mediumDSA-2354-1
gimpsource(unstable)2.6.11-5medium643753
gimpsourcesqueeze2.6.10-1+squeeze3mediumDSA-2426-1

Notes

There's more: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896

Search for package or bug name: Reporting problems