CVE-2011-2895

critical

Description

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

References

https://support.apple.com/HT205641

https://support.apple.com/HT205640

https://support.apple.com/HT205637

https://support.apple.com/HT205635

https://exchange.xforce.ibmcloud.com/vulnerabilities/69141

https://bugzilla.redhat.com/show_bug.cgi?id=727624

https://bugzilla.redhat.com/show_bug.cgi?id=725760

http://www.ubuntu.com/usn/USN-1191-1

http://www.securityfocus.com/bid/49124

http://www.redhat.com/support/errata/RHSA-2011-1834.html

http://www.redhat.com/support/errata/RHSA-2011-1161.html

http://www.redhat.com/support/errata/RHSA-2011-1155.html

http://www.redhat.com/support/errata/RHSA-2011-1154.html

http://www.openwall.com/lists/oss-security/2011/08/10/10

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17

http://www.mandriva.com/security/advisories?name=MDVSA-2011:153

http://www.debian.org/security/2011/dsa-2293

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5130

http://securitytracker.com/id?1025920

http://secunia.com/advisories/48951

http://secunia.com/advisories/46127

http://secunia.com/advisories/45986

http://secunia.com/advisories/45599

http://secunia.com/advisories/45568

http://secunia.com/advisories/45544

http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html

http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html

http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

Details

Source: Mitre, NVD

Published: 2011-08-19

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical