Heap-based Buffer Overflow in gif_read_lzw Function in CUPS 1.4.8 and Earlier

Heap-based Buffer Overflow in gif_read_lzw Function in CUPS 1.4.8 and Earlier

CVE-2011-3170 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

Learn more about our Web Application Penetration Testing UK.