Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2011-2895

Disclosure Date: August 19, 2011
CVE-2011-2895
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • freebsd,
  • freetype,
  • netbsd,
  • openbsd,
  • x

Products

  • freebsd,
  • freetype 2.1.9,
  • libxfont,
  • libxfont 1.2.0,
  • libxfont 1.2.1,
  • libxfont 1.2.2,
  • libxfont 1.2.3,
  • libxfont 1.2.4,
  • libxfont 1.2.5,
  • libxfont 1.2.6,
  • libxfont 1.2.7,
  • libxfont 1.2.8,
  • libxfont 1.2.9,
  • libxfont 1.3.0,
  • libxfont 1.3.1,
  • libxfont 1.3.2,
  • libxfont 1.3.3,
  • libxfont 1.3.4,
  • libxfont 1.4.0,
  • libxfont 1.4.1,
  • libxfont 1.4.2,
  • netbsd,
  • openbsd,
  • openbsd 2.0,
  • openbsd 2.1,
  • openbsd 2.2,
  • openbsd 2.3,
  • openbsd 2.4,
  • openbsd 2.5,
  • openbsd 2.6,
  • openbsd 2.7,
  • openbsd 2.8,
  • openbsd 2.9,
  • openbsd 3.0,
  • openbsd 3.1,
  • openbsd 3.2,
  • openbsd 3.3,
  • openbsd 3.4,
  • openbsd 3.5,
  • openbsd 3.6

References

Canonical
CVE-2011-2895 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895)
BID-49124 (http://www.securityfocus.com/bid/49124)
Advisory
https://support.apple.com/HT205635
http://www.redhat.com/support/errata/RHSA-2011-1154.html
USN-1191-1 (http://www.ubuntu.com/usn/USN-1191-1)
[oss-security] 20110810 LZW decompression issues (http://www.openwall.com/lists/oss-security/2011/08/10/10)
https://bugzilla.redhat.com/show_bug.cgi?id=725760
SECUNIA-45544 (http://secunia.com/advisories/45544)
https://support.apple.com/HT205637
http://support.apple.com/kb/HT5130
APPLE-SA-2015-12-08-4 (http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
SECUNIA-45599 (http://secunia.com/advisories/45599)
http://www.redhat.com/support/errata/RHSA-2011-1155.html
SECTRACK-1025920 (http://securitytracker.com/id?1025920)
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
APPLE-SA-2015-12-08-3 (http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
APPLE-SA-2012-02-01-1 (http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html)
[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption (http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html)
SECUNIA-46127 (http://secunia.com/advisories/46127)
SECUNIA-45986 (http://secunia.com/advisories/45986)
http://www.redhat.com/support/errata/RHSA-2011-1161.html
http://www.redhat.com/support/errata/RHSA-2011-1834.html
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
XF-xorg-lzw-bo(69141) (https://exchange.xforce.ibmcloud.com/vulnerabilities/69141)
APPLE-SA-2015-12-08-1 (http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html)
SECUNIA-45568 (http://secunia.com/advisories/45568)
[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4 (http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html)
https://support.apple.com/HT205641
https://support.apple.com/HT205640
http://cgit.freedesktop.org/xorg/lib/libXfont/commit?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
SECUNIA-48951 (http://secunia.com/advisories/48951)
APPLE-SA-2015-12-08-2 (http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html)
http://support.apple.com/kb/HT5281
APPLE-SA-2012-05-09-1 (http://lists.apple.com/archives/security-announce/2012/May/msg00001.html)
DSA-2293 (http://www.debian.org/security/2011/dsa-2293)
https://bugzilla.redhat.com/show_bug.cgi?id=727624
Miscellaneous
NetBSD-SA2011-007 (http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc)
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis