CVE-2011-2895 in iOSinformation

Résumé

par MITRE

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Réserver

27/07/2011

Divulgation

19/08/2011

Modérer

accepté

Entrée

Relier

afficher

CPE

prêt

CWE

CWE-119 (confirmé)

CVSS

9.3 (NVD)

EPSS

0.08355

KEV

non

Activités

très faible

Secteur

Lawfirm, Insurance, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-2895
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2895
CVE Details	https://www.cvedetails.com/cve/CVE-2011-2895/

◂ Précédent Aperçu Suivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!