PT-2011-4290 · Apple · Cups

Published

2011-08-19

Updated

2017-08-29

CVE-2011-3170

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CUPS versions 1.4.8 and earlier

Description The issue arises from the gif read lzw function in filter/image-gif.c, which does not properly handle the first code word in an LZW stream. This allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream.

Recommendations For versions 1.4.8 and earlier, update to a version later than 1.4.8 to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-3170

DSA-2354-1

USN-1207-1

Affected Products

Cups

PT-2011-4290 · Apple · Cups

CVE-2011-3170

Weakness Enumeration

Related Identifiers

Affected Products

References · 21