CVE-2011-2895
Vulnerability from cvelistv5
Published
2011-08-19 17:00
Modified
2024-08-06 23:15
Severity ?
Summary
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
References
secalert@redhat.comhttp://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0Patch
secalert@redhat.comhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2012/May/msg00001.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
secalert@redhat.comhttp://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.htmlPatch
secalert@redhat.comhttp://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.htmlPatch
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
secalert@redhat.comhttp://secunia.com/advisories/45544Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/45568Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/45599Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/45986
secalert@redhat.comhttp://secunia.com/advisories/46127
secalert@redhat.comhttp://secunia.com/advisories/48951
secalert@redhat.comhttp://securitytracker.com/id?1025920
secalert@redhat.comhttp://support.apple.com/kb/HT5130
secalert@redhat.comhttp://support.apple.com/kb/HT5281
secalert@redhat.comhttp://www.debian.org/security/2011/dsa-2293
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:153
secalert@redhat.comhttp://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/08/10/10
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1154.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1155.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1161.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1834.html
secalert@redhat.comhttp://www.securityfocus.com/bid/49124
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1191-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=725760Patch
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=727624
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/69141
secalert@redhat.comhttps://support.apple.com/HT205635
secalert@redhat.comhttps://support.apple.com/HT205637
secalert@redhat.comhttps://support.apple.com/HT205640
secalert@redhat.comhttps://support.apple.com/HT205641
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0Patch
af854a3a-2127-422b-91ae-364da2661108http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45544Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45568Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45599Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/45986
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46127
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48951
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1025920
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5130
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5281
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2293
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2011/08/10/10
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1154.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1155.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1161.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1834.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/49124
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1191-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=725760Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=727624
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT205635
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT205637
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT205640
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT205641
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:15:31.486Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT205635",
               },
               {
                  name: "RHSA-2011:1154",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2011-1154.html",
               },
               {
                  name: "USN-1191-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1191-1",
               },
               {
                  name: "[oss-security] 20110810 LZW decompression issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2011/08/10/10",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=725760",
               },
               {
                  name: "45544",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/45544",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT205637",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT5130",
               },
               {
                  name: "APPLE-SA-2015-12-08-4",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html",
               },
               {
                  name: "MDVSA-2011:153",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153",
               },
               {
                  name: "49124",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/49124",
               },
               {
                  name: "45599",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/45599",
               },
               {
                  name: "RHSA-2011:1155",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2011-1155.html",
               },
               {
                  name: "1025920",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1025920",
               },
               {
                  name: "openSUSE-SU-2011:1299",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html",
               },
               {
                  name: "APPLE-SA-2015-12-08-3",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html",
               },
               {
                  name: "SUSE-SU-2011:1035",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html",
               },
               {
                  name: "APPLE-SA-2012-02-01-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
               },
               {
                  name: "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html",
               },
               {
                  name: "46127",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46127",
               },
               {
                  name: "45986",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/45986",
               },
               {
                  name: "RHSA-2011:1161",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2011-1161.html",
               },
               {
                  name: "RHSA-2011:1834",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2011-1834.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17",
               },
               {
                  name: "xorg-lzw-bo(69141)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141",
               },
               {
                  name: "APPLE-SA-2015-12-08-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html",
               },
               {
                  name: "45568",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/45568",
               },
               {
                  name: "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT205641",
               },
               {
                  name: "NetBSD-SA2011-007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_NETBSD",
                     "x_transferred",
                  ],
                  url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT205640",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0",
               },
               {
                  name: "48951",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/48951",
               },
               {
                  name: "APPLE-SA-2015-12-08-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT5281",
               },
               {
                  name: "APPLE-SA-2012-05-09-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
               },
               {
                  name: "DSA-2293",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2011/dsa-2293",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=727624",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-08-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/HT205635",
            },
            {
               name: "RHSA-2011:1154",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2011-1154.html",
            },
            {
               name: "USN-1191-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1191-1",
            },
            {
               name: "[oss-security] 20110810 LZW decompression issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2011/08/10/10",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=725760",
            },
            {
               name: "45544",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/45544",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/HT205637",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT5130",
            },
            {
               name: "APPLE-SA-2015-12-08-4",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html",
            },
            {
               name: "MDVSA-2011:153",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153",
            },
            {
               name: "49124",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/49124",
            },
            {
               name: "45599",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/45599",
            },
            {
               name: "RHSA-2011:1155",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2011-1155.html",
            },
            {
               name: "1025920",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1025920",
            },
            {
               name: "openSUSE-SU-2011:1299",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html",
            },
            {
               name: "APPLE-SA-2015-12-08-3",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html",
            },
            {
               name: "SUSE-SU-2011:1035",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html",
            },
            {
               name: "APPLE-SA-2012-02-01-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
            },
            {
               name: "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html",
            },
            {
               name: "46127",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46127",
            },
            {
               name: "45986",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/45986",
            },
            {
               name: "RHSA-2011:1161",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2011-1161.html",
            },
            {
               name: "RHSA-2011:1834",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2011-1834.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17",
            },
            {
               name: "xorg-lzw-bo(69141)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141",
            },
            {
               name: "APPLE-SA-2015-12-08-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html",
            },
            {
               name: "45568",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/45568",
            },
            {
               name: "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/HT205641",
            },
            {
               name: "NetBSD-SA2011-007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
               ],
               url: "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/HT205640",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0",
            },
            {
               name: "48951",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/48951",
            },
            {
               name: "APPLE-SA-2015-12-08-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT5281",
            },
            {
               name: "APPLE-SA-2012-05-09-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
            },
            {
               name: "DSA-2293",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2011/dsa-2293",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=727624",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2011-2895",
      datePublished: "2011-08-19T17:00:00",
      dateReserved: "2011-07-27T00:00:00",
      dateUpdated: "2024-08-06T23:15:31.486Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2011-2895\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-08-19T17:55:03.037\",\"lastModified\":\"2024-11-21T01:29:13.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.\"},{\"lang\":\"es\",\"value\":\"El descompresor en LZW en (1) la función BufCompressedFill en fontfile/decompress.c en X.Org libXfont antes de la versión v1.4.4 y (2) compress/compress.c en 4.3BSD, tal y como se utiliza en zopen.c en OpenBSD antes de la versión v3.8, FreeBSD, NetBSD, FreeType v2.1.9, y otros productos, no controla correctamente las palabras de código ausentes de la tabla de descompresión, lo que permite provocar un bucle infinito o un desbordamiento de búfer basado en memoria dinámica (heap) a atacantes (dependiendo del contexto) y posiblemente ejecutar código de su elección a través de un flujo comprimido debidamente modificado. Se trata de un problema relacionado con los CVE-2006-1168 y CVE-2011 2896.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73474B9-6853-4C5C-9CB9-5F4D3080D1C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.3\",\"matchCriteriaId\":\"366E84EE-4BAC-4816-B04A-7B60F70B0084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A7B86F-A74E-42D8-BBE6-D86C4EB672B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9806D538-0672-4D27-9A32-F41BB53DF738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29297813-F2F4-48BF-8DEA-DC83E44D154E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1437F3D-127E-45E7-B678-85BF208BAD30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26743145-32B4-45A6-8912-2B97EF59B677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C18E74E-DB01-4D5F-BD18-DE370BA56A38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06DBC61A-10CD-41ED-AC1B-16C867823059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"061E16E4-0DD2-45B0-927D-5E6D97D54D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F3B17A-D8A9-4581-8EAC-4D6498A23F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D064C118-DC51-46CF-961E-3D70C1EEFC92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9F45C46-F416-46FC-8C98-79D57BB397D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21FE78A-41E1-46A7-8129-94CBA34A3FA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ADFF46D-9680-410C-B8B8-79F629534465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D36FBB2E-7BCD-4212-AE04-8C7C6B57CD49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A603E28-7D58-44FB-819E-5F22FA9860EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D9EE6A0-89DC-464D-890F-2C0E5CDCFAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B056FDAB-4B10-4B32-A942-84864D39CBD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"642C350E-C81B-46F7-84B4-D3DE45E70DC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9EC02F3-3905-460D-8949-3B26394215CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B55E4B92-88E0-41F0-AFA7-046A8D34A2CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.7\",\"matchCriteriaId\":\"29DC69AE-D8BB-410B-B911-BFEA95774C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DF0D51-FCFA-46A3-B834-E80DFA91DFDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CB726CF-ADA2-4CDA-9786-1E84AC53740A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FC373FC-88AC-4B6D-A289-51881ACD57F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D2DA7F0-E3C0-447A-A2B0-ECC928389D84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEBE290B-5EC6-4BBA-B645-294C150E417A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACE7FDFB-C6A6-4B58-B0B4-236E4EA76EF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF053A1-C252-427E-9EEF-27240F422976\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48A9C344-45AA-47B9-B35A-1A62E220D9C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EB24F0-46A7-481B-83ED-8BB012AE0C8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA6AEAF0-FA61-4A3F-A083-1218C2027781\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60DA30A1-3360-46BC-85B7-008D535F95BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA33E7E2-DE7B-411E-8991-718DA0988C51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1957B3C0-7F25-469B-BC3F-7B09260837ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC46909F-DDFC-448B-BCDF-1EB343F96630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9496279F-AB43-4B53-81A6-87C651ABC4BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDA160D4-5CAB-44E7-880A-59DD98FEAD62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D84D7A-EB7C-4196-B8B6-7B703C8055C2\"}]}]}],\"references\":[{\"url\":\"http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/45544\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45568\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45599\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45986\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/46127\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/48951\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1025920\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT5130\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT5281\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2293\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:153\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/08/10/10\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1154.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1155.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1161.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1834.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/49124\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1191-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=725760\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=727624\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69141\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT205640\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT205641\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/45544\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45568\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45599\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/46127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/48951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1025920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/08/10/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1154.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1155.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1161.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1834.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/49124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1191-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=725760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=727624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.