The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-08-19 10:55
Updated : 2017-08-28 18:30
NVD link : CVE-2011-3170
Mitre link : CVE-2011-3170
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
apple
- cups