CVE-2011-3170
Published: 19 August 2011
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
cups Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.5.0-8)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(1.5.0-8)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(1.5.0-8)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(1.5.0-8)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(1.5.0-8)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(1.5.0-8)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [1.5.0-8])
|
|
|
Patches: Upstream: https://github.com/apple/cups/commit/771bd8cbffe1ffb06d90b2c7f00191830e6b738c |
||
|
cupsys Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
gimp Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected)
|
|
|
swi-prolog Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Needed
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needed)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needed)
|
|
|
Patches: Upstream: http://www.swi-prolog.org/git/packages/xpce.git/commit/30fbc4e030cbef5871e1b96c31458116ce3e2ee8 |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | This also affects cups 1.5.x and isn't fixed in 1.5.0 gimp was fixed correctly with a single commit, so doesn't have this issue, which is an incomplete fix. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170
- https://ubuntu.com/security/notices/USN-1207-1
- NVD
- Launchpad
- Debian