Vulnerability CVE-2011-2895


Published: 2011-08-19   Modified: 2012-02-13

Description:
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
X -> Libxfont
Openbsd -> Openbsd
Netbsd -> Netbsd
Freetype -> Freetype
Freebsd -> Freebsd

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=725760
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
https://support.apple.com/HT205641
https://support.apple.com/HT205640
https://support.apple.com/HT205637
https://support.apple.com/HT205635
https://bugzilla.redhat.com/show_bug.cgi?id=727624
http://xforce.iss.net/xforce/xfdb/69141
http://www.ubuntu.com/usn/USN-1191-1
http://www.securityfocus.com/bid/49124
http://www.redhat.com/support/errata/RHSA-2011-1834.html
http://www.redhat.com/support/errata/RHSA-2011-1161.html
http://www.redhat.com/support/errata/RHSA-2011-1155.html
http://www.redhat.com/support/errata/RHSA-2011-1154.html
http://www.openwall.com/lists/oss-security/2011/08/10/10
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
http://www.debian.org/security/2011/dsa-2293
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5130
http://securitytracker.com/id?1025920
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc

Copyright 2024, cxsecurity.com

 
