CVE-2011-2895

FreeType 2.1.9 - Heap-Based Buffer Overflow via LZW Decompression


Description

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

References (38)

Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205635
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1154.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1191-1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/10/10
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45544
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205637
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5130
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49124
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45599
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1155.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025920
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46127
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45986
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1161.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1834.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45568
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205641
Vendor Advisory vendor-advisory x_refsource_netbsd
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205640
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48951
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5281
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2293
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=727624

Scores

EPSS 0.0702
EPSS Percentile 91.6%

Details

CWE
CWE-119
Status published
Products (40)
freebsd/freebsd
freetype/freetype 2.1.9
netbsd/netbsd
openbsd/openbsd 2.0
openbsd/openbsd 2.1
openbsd/openbsd 2.2
openbsd/openbsd 2.3
openbsd/openbsd 2.4
openbsd/openbsd 2.5
openbsd/openbsd 2.6
... and 30 more
Published Aug 19, 2011
Tracked Since Feb 18, 2026