Your submission was sent successfully! Close

CVE-2011-3170

Published: 19 August 2011

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

Priority

Medium

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.5.0-8)
bionic Not vulnerable
(1.5.0-8)
cosmic Not vulnerable
(1.5.0-8)
disco Not vulnerable
(1.5.0-8)
eoan Not vulnerable
(1.5.0-8)
focal Not vulnerable
(1.5.0-8)
groovy Not vulnerable
(1.5.0-8)
hardy Does not exist

hirsute Not vulnerable
(1.5.0-8)
impish Not vulnerable
(1.5.0-8)
jammy Not vulnerable
(1.5.0-8)
lucid
Released (1.4.3-1ubuntu1.5)
maverick
Released (1.4.4-6ubuntu2.4)
natty
Released (1.4.6-5ubuntu1.4)
oneiric Not vulnerable
(1.5.0-8)
precise Does not exist
(precise was not-affected [1.5.0-8])
quantal Not vulnerable
(1.5.0-8)
raring Not vulnerable
(1.5.0-8)
saucy Not vulnerable
(1.5.0-8)
trusty Does not exist
(trusty was not-affected [1.5.0-8])
upstream
Released (1.5.0-8)
utopic Not vulnerable
(1.5.0-8)
vivid Not vulnerable
(1.5.0-8)
wily Not vulnerable
(1.5.0-8)
xenial Not vulnerable
(1.5.0-8)
yakkety Not vulnerable
(1.5.0-8)
zesty Not vulnerable
(1.5.0-8)
cupsys
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hardy
Released (1.3.7-1ubuntu3.13)
hirsute Does not exist

impish Does not exist

jammy Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gimp
Launchpad, Ubuntu, Debian
artful Not vulnerable

bionic Not vulnerable

cosmic Not vulnerable

disco Not vulnerable

eoan Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hardy Ignored
(reached end-of-life)
hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

precise Does not exist
(precise was not-affected)
quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

utopic Not vulnerable

vivid Not vulnerable

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable

swi-prolog
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needed

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needed

groovy Ignored
(reached end-of-life)
hardy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needed

jammy Needed

lucid Ignored
(reached end-of-life)
maverick Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was needed)
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)

Notes

AuthorNote
mdeslaur
This also affects cups 1.5.x and isn't fixed in 1.5.0
gimp was fixed correctly with a single commit, so doesn't have
this issue, which is an incomplete fix.

References

Bugs