Vulnerability Details : CVE-2011-2896
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Vulnerability category: Overflow, Memory Corruption, Execute code
Threat overview for CVE-2011-2896
Top open port discovered on systems with this issue: 631
IPs affected by CVE-2011-2896: 5,339
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-2896
Probability of exploitation activity in the next 30 days: 1.75%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 %
CVSS scores for CVE-2011-2896
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST |
CWE ids for CVE-2011-2896
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2896
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:146
  mandriva.com (Broken Link)
- http://www.securitytracker.com/id?1025929
  GNU Image Manipulation Program (GIMP) Buffer Overflow in Processing GIF Files Lets Remote Users Execute Arbitrary Code - SecurityTracker (Broken Link; Third Party Advisory; VDB Entry)
- http://www.redhat.com/support/errata/RHSA-2011-1635.html
  Support (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2012-1181.html
  RHSA-2012:1181 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.securityfocus.com/bid/49148
  GIMP GIF Image Parsing 'LZWReadByte()' Buffer Overflow Vulnerability (Broken Link; Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2012/dsa-2426
  Debian -- Security Information -- DSA-2426-1 gimp (Third Party Advisory)
- http://www.debian.org/security/2011/dsa-2354
  Debian -- Security Information -- DSA-2354-1 cups (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065527.html
  [SECURITY] Fedora 15 Update: pl-5.10.2-5.fc15 (Third Party Advisory)
- http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc
  file-gif-load: fix heap corruption and buffer overflow (CVE-2011-2896) (376ad788) · Commits · GNOME / GIMP · GitLab (Patch; Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065651.html
  [SECURITY] Fedora 16 Update: pl-5.10.2-5.fc16 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1180.html
  RHSA-2012:1180 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html
  [SECURITY] Fedora 14 Update: cups-1.4.8-2.fc14 (Third Party Advisory)
- http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4
  404 Not Found (Issue Tracking; Third Party Advisory)
- http://cups.org/str.php?L3867
  cups: gif reader infinite loop and heap buffer overflow · Issue #3867 · apple/cups · GitHub (Patch; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1214-1
  USN-1214-1: GIMP vulnerability | Ubuntu security notices (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-201209-23.xml
  GIMP: Multiple vulnerabilities (GLSA 201209-23) — Gentoo security (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:167
  mandriva.com (Broken Link)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064873.html
  [SECURITY] Fedora 16 Update: cups-1.5.0-6.fc16 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=730338
  730338 – CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow [fedora-all] (Issue Tracking; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064600.html
  [SECURITY] Fedora 15 Update: cups-1.4.8-2.fc15 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1207-1
  USN-1207-1: CUPS vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html
  [SECURITY] Fedora 14 Update: pl-5.7.11-7.fc14 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2011/08/10/10
  oss-security - LZW decompression issues (Mailing List; Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=727800
  727800 – (CVE-2011-2896) CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow (Issue Tracking; Patch; Third Party Advisory)
Products affected by CVE-2011-2896
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
- cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*
- cpe:2.3:a:swi-prolog:swi-prolog:*:*:*:*:*:*:*:*