{"id":"CVE-2011-3170","details":"The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.","modified":"2026-04-10T03:41:57.000674Z","published":"2011-08-19T17:55:03Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/45796"},{"type":"ADVISORY","url":"http://secunia.com/advisories/46024"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-201207-10.xml"},{"type":"ADVISORY","url":"http://www.debian.org/security/2011/dsa-2354"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:146"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:147"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1207-1"},{"type":"FIX","url":"http://cups.org/str.php?L3914"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=727800"},{"type":"WEB","url":"http://www.securityfocus.com/bid/49323"},{"type":"WEB","url":"http://www.securitytracker.com/id?1025980"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/69380"}],"schema_version":"1.7.5"}