CVE-2011-2895 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openbsd
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents10 sources
Severity
9.3CRITICALNVD
CNA7.5OSV7.5
EPSS
7.0%
top 8.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 19
Latest updateMay 17
Description
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow…
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages4 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-8hvp-h85w-jwq9: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress↗2022-05-17
CVEList▶
CVE-2011-2895: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress↗2011-08-19
OSV▶
CVE-2011-2895: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress↗2011-08-19