CVE-2011-3170

Name of the Vulnerable Software and Affected Versions CUPS versions 1.4.8 and earlier

Description The issue arises from the gif read lzw function in filter/image-gif.c, which does not properly handle the first code word in an LZW stream. This allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream.

Recommendations For versions 1.4.8 and earlier, update to a version later than 1.4.8 to resolve the issue.