English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2011-2895
Description:The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Test IDs: 1.3.6.1.4.1.25623.1.0.70415   1.3.6.1.4.1.25623.1.0.70067   1.3.6.1.4.1.25623.1.0.880965   1.3.6.1.4.1.25623.1.0.70427   1.3.6.1.4.1.25623.1.0.70269   1.3.6.1.4.1.25623.1.0.881438   1.3.6.1.4.1.25623.1.0.870465   1.3.6.1.4.1.25623.1.0.70907   1.3.6.1.4.1.25623.1.0.881395   1.3.6.1.4.1.25623.1.0.70275   1.3.6.1.4.1.25623.1.0.70314   1.3.6.1.4.1.25623.1.0.840721   1.3.6.1.4.1.25623.1.0.70229   1.3.6.1.4.1.25623.1.0.870467   1.3.6.1.4.1.25623.1.1.4.2012.0553.1   1.3.6.1.4.1.25623.1.0.831465   1.3.6.1.4.1.25623.1.0.870463   1.3.6.1.4.1.25623.1.0.70266   1.3.6.1.4.1.25623.1.0.880993   1.3.6.1.4.1.25623.1.0.70070   1.3.6.1.4.1.25623.1.0.880955   1.3.6.1.4.1.25623.1.0.70066   1.3.6.1.4.1.25623.1.0.70743   1.3.6.1.4.1.25623.1.0.71905   1.3.6.1.4.1.25623.1.0.881355   1.3.6.1.4.1.25623.1.0.72066   1.3.6.1.4.1.25623.1.0.122111   1.3.6.1.4.1.25623.1.0.831487  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-2895
1025920
http://securitytracker.com/id?1025920
45544
http://secunia.com/advisories/45544
45568
http://secunia.com/advisories/45568
45599
http://secunia.com/advisories/45599
45986
http://secunia.com/advisories/45986
46127
http://secunia.com/advisories/46127
48951
http://secunia.com/advisories/48951
49124
http://www.securityfocus.com/bid/49124
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
APPLE-SA-2015-12-08-1
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
APPLE-SA-2015-12-08-2
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
APPLE-SA-2015-12-08-3
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
APPLE-SA-2015-12-08-4
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
DSA-2293
http://www.debian.org/security/2011/dsa-2293
MDVSA-2011:153
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
NetBSD-SA2011-007
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
RHSA-2011:1154
http://www.redhat.com/support/errata/RHSA-2011-1154.html
RHSA-2011:1155
http://www.redhat.com/support/errata/RHSA-2011-1155.html
RHSA-2011:1161
http://www.redhat.com/support/errata/RHSA-2011-1161.html
RHSA-2011:1834
http://www.redhat.com/support/errata/RHSA-2011-1834.html
SUSE-SU-2011:1035
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
USN-1191-1
http://www.ubuntu.com/usn/USN-1191-1
[oss-security] 20110810 LZW decompression issues
http://www.openwall.com/lists/oss-security/2011/08/10/10
[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html
[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5281
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
https://bugzilla.redhat.com/show_bug.cgi?id=725760
https://bugzilla.redhat.com/show_bug.cgi?id=725760
https://bugzilla.redhat.com/show_bug.cgi?id=727624
https://bugzilla.redhat.com/show_bug.cgi?id=727624
https://support.apple.com/HT205635
https://support.apple.com/HT205635
https://support.apple.com/HT205637
https://support.apple.com/HT205637
https://support.apple.com/HT205640
https://support.apple.com/HT205640
https://support.apple.com/HT205641
https://support.apple.com/HT205641
openSUSE-SU-2011:1299
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
xorg-lzw-bo(69141)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141



© 1998-2025 E-Soft Inc. All rights reserved.