CVE-2011-2895

Summary

CVE	CVE-2011-2895
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-08-19 17:55:03 UTC
Updated	2026-04-29 01:13:23 UTC
Description	The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Risk And Classification

Primary CVSS: v2.0 9.3 from [email protected]

AV:N/AC:M/Au:N/C:C/I:C/A:C

Problem Types: CWE-119 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Freebsd	Freebsd	All	All	All	All
Application	Freetype	Freetype	2.1.9	All	All	All
Operating System	Netbsd	Netbsd	All	All	All	All
Operating System	Openbsd	Openbsd	2.0	All	All	All
Operating System	Openbsd	Openbsd	2.1	All	All	All
Operating System	Openbsd	Openbsd	2.2	All	All	All
Operating System	Openbsd	Openbsd	2.3	All	All	All
Operating System	Openbsd	Openbsd	2.4	All	All	All
Operating System	Openbsd	Openbsd	2.5	All	All	All
Operating System	Openbsd	Openbsd	2.6	All	All	All
Operating System	Openbsd	Openbsd	2.7	All	All	All
Operating System	Openbsd	Openbsd	2.8	All	All	All
Operating System	Openbsd	Openbsd	2.9	All	All	All
Operating System	Openbsd	Openbsd	3.0	All	All	All
Operating System	Openbsd	Openbsd	3.1	All	All	All
Operating System	Openbsd	Openbsd	3.2	All	All	All
Operating System	Openbsd	Openbsd	3.3	All	All	All
Operating System	Openbsd	Openbsd	3.4	All	All	All
Operating System	Openbsd	Openbsd	3.5	All	All	All
Operating System	Openbsd	Openbsd	3.6	All	All	All
Operating System	Openbsd	Openbsd	All	All	All	All
Application	X	Libxfont	1.2.0	All	All	All
Application	X	Libxfont	1.2.1	All	All	All
Application	X	Libxfont	1.2.2	All	All	All
Application	X	Libxfont	1.2.3	All	All	All
Application	X	Libxfont	1.2.4	All	All	All
Application	X	Libxfont	1.2.5	All	All	All
Application	X	Libxfont	1.2.6	All	All	All
Application	X	Libxfont	1.2.7	All	All	All
Application	X	Libxfont	1.2.8	All	All	All
Application	X	Libxfont	1.2.9	All	All	All
Application	X	Libxfont	1.3.0	All	All	All
Application	X	Libxfont	1.3.1	All	All	All
Application	X	Libxfont	1.3.2	All	All	All
Application	X	Libxfont	1.3.3	All	All	All
Application	X	Libxfont	1.3.4	All	All	All
Application	X	Libxfont	1.4.0	All	All	All
Application	X	Libxfont	1.4.1	All	All	All
Application	X	Libxfont	1.4.2	All	All	All
Application	X	Libxfont	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks - Apple Support	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
SUSE update for xorg-x11 - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Red Hat update for xorg-x11 - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Debian update for libxfont - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Bug 727624 – CVE-2011-2895 BSD compress LZW decoder buffer overflow	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
[security-announce] openSUSE-SU-2011:1299-1: important: xorg-x11-libs	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
oss-security - LZW decompression issues	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com
About the security content of watchOS 2.1 - Apple Support	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
Debian -- Security Information -- DSA-2293-1 libxfont	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
xorg/lib/libXfont - X font handling library for server & utilities	af854a3a-2127-422b-91ae-364da2661108	cgit.freedesktop.org	Patch
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Vendor Advisory
APPLE-SA-2015-12-08-2 tvOS 9.1	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
CVS log for src/usr.bin/compress/zopen.c	af854a3a-2127-422b-91ae-364da2661108	www.openbsd.org
About the security content of OS X Lion v10.7.4 and Security Update 2012-002	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
About the security content of OS X Lion v10.7.3 and Security Update 2012-001	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
X.Org libXfont LZW Decompression Privilege Escalation Vulnerability - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Bug 725760 – CVE-2011-2895 libXfont: LZW decompression heap corruption / infinite loop	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com	Patch
Support / Security / Advisories / / MDVSA-2011:153 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
APPLE-SA-2015-12-08-1 iOS 9.2	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
About the security content of tvOS 9.1 - Apple Support	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Vendor Advisory
USN-1191-1: libXfont vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
About the security content of iOS 9.2 - Apple Support	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
X.Org security advisory: libXfont LZW decompression heap corruption	af854a3a-2127-422b-91ae-364da2661108	lists.freedesktop.org	Patch
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Security Advisory SA48951 - SUSE update for freetype2 - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Vendor Advisory
APPLE-SA-2015-12-08-4 watchOS 2.1	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
[ANNOUNCE] libXfont 1.4.4	af854a3a-2127-422b-91ae-364da2661108	lists.freedesktop.org	Patch
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc	af854a3a-2127-422b-91ae-364da2661108	ftp.netbsd.org
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
NetBSD libXfont LZW Decompression Privilege Escalation Vulnerability - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
[security-announce] SUSE-SU-2011:1035-1: important: Security update for	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.