The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-08-19T17:00:00

Updated: 2024-08-06T23:22:27.661Z

Reserved: 2011-08-19T00:00:00

Link: CVE-2011-3170

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-08-19T17:55:03.363

Modified: 2017-08-29T01:30:05.287

Link: CVE-2011-3170

cve-icon Redhat

Severity : Moderate

Publid Date: 2011-08-04T00:00:00Z

Links: CVE-2011-3170 - Bugzilla