CVE-2011-2895
Summary
| CVE | CVE-2011-2895 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-08-19 17:55:00 UTC |
| Updated | 2017-08-29 01:29:00 UTC |
| Description | The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Freebsd | Freebsd | All | All | All | All |
| Application | Freetype | Freetype | 2.1.9 | All | All | All |
| Operating System | Netbsd | Netbsd | All | All | All | All |
| Operating System | Openbsd | Openbsd | 2.0 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.1 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.2 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.3 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.4 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.5 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.6 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.7 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.8 | All | All | All |
| Operating System | Openbsd | Openbsd | 2.9 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.0 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.1 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.2 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.3 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.4 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.5 | All | All | All |
| Operating System | Openbsd | Openbsd | 3.6 | All | All | All |
| Operating System | Openbsd | Openbsd | All | All | All | All |
| Application | X | Libxfont | 1.2.0 | All | All | All |
| Application | X | Libxfont | 1.2.1 | All | All | All |
| Application | X | Libxfont | 1.2.2 | All | All | All |
| Application | X | Libxfont | 1.2.3 | All | All | All |
| Application | X | Libxfont | 1.2.4 | All | All | All |
| Application | X | Libxfont | 1.2.5 | All | All | All |
| Application | X | Libxfont | 1.2.6 | All | All | All |
| Application | X | Libxfont | 1.2.7 | All | All | All |
| Application | X | Libxfont | 1.2.8 | All | All | All |
| Application | X | Libxfont | 1.2.9 | All | All | All |
| Application | X | Libxfont | 1.3.0 | All | All | All |
| Application | X | Libxfont | 1.3.1 | All | All | All |
| Application | X | Libxfont | 1.3.2 | All | All | All |
| Application | X | Libxfont | 1.3.3 | All | All | All |
| Application | X | Libxfont | 1.3.4 | All | All | All |
| Application | X | Libxfont | 1.4.0 | All | All | All |
| Application | X | Libxfont | 1.4.1 | All | All | All |
| Application | X | Libxfont | 1.4.2 | All | All | All |
| Application | X | Libxfont | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| NetBSD-SA2011-007 | NETBSD | ftp.netbsd.org | |
| APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 | APPLE | lists.apple.com | |
| MDVSA-2011:153 | MANDRIVA | www.mandriva.com | |
| CVS log for src/usr.bin/compress/zopen.c | CONFIRM | www.openbsd.org | |
| Security Advisory SA48951 - SUSE update for freetype2 - Secunia | SECUNIA | secunia.com | |
| About the security content of tvOS 9.1 - Apple Support | CONFIRM | support.apple.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| APPLE-SA-2015-12-08-1 iOS 9.2 | APPLE | lists.apple.com | |
| NetBSD libXfont LZW Decompression Privilege Escalation Vulnerability - Secunia.com | SECUNIA | secunia.com | |
| X.Org libXfont LZW Decompression Privilege Escalation Vulnerability - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 | APPLE | lists.apple.com | |
| About the security content of iOS 9.2 - Apple Support | CONFIRM | support.apple.com | |
| X.Org security advisory: libXfont LZW decompression heap corruption | MLIST | lists.freedesktop.org | Patch |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| USN-1191-1: libXfont vulnerability | UBUNTU | www.ubuntu.com | |
| [security-announce] openSUSE-SU-2011:1299-1: important: xorg-x11-libs | SUSE | lists.opensuse.org | |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| Support | REDHAT | www.redhat.com | |
| About the security content of OS X Lion v10.7.4 and Security Update 2012-002 | CONFIRM | support.apple.com | |
| About the security content of watchOS 2.1 - Apple Support | CONFIRM | support.apple.com | |
| [ANNOUNCE] libXfont 1.4.4 | MLIST | lists.freedesktop.org | Patch |
| APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002 | APPLE | lists.apple.com | |
| xorg/lib/libXfont - X font handling library for server & utilities | CONFIRM | cgit.freedesktop.org | Patch |
| X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | |
| About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks - Apple Support | CONFIRM | support.apple.com | |
| Bug 725760 – CVE-2011-2895 libXfont: LZW decompression heap corruption / infinite loop | CONFIRM | bugzilla.redhat.com | Patch |
| Debian -- Security Information -- DSA-2293-1 libxfont | DEBIAN | www.debian.org | |
| Red Hat update for xorg-x11 - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| About the security content of OS X Lion v10.7.3 and Security Update 2012-001 | CONFIRM | support.apple.com | |
| Support | REDHAT | www.redhat.com | Vendor Advisory |
| libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | securitytracker.com | |
| SUSE update for xorg-x11 - Secunia.com | SECUNIA | secunia.com | |
| Bug 727624 – CVE-2011-2895 BSD compress LZW decoder buffer overflow | CONFIRM | bugzilla.redhat.com | |
| oss-security - LZW decompression issues | MLIST | www.openwall.com | |
| APPLE-SA-2015-12-08-4 watchOS 2.1 | APPLE | lists.apple.com | |
| [security-announce] SUSE-SU-2011:1035-1: important: Security update for | SUSE | lists.opensuse.org | |
| Debian update for libxfont - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| APPLE-SA-2015-12-08-2 tvOS 9.1 | APPLE | lists.apple.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.