SecurityTracker.com
Category:   Application (Generic)  >   libXfont
Vendors:   X.org
libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1025920
SecurityTracker URL:  http://securitytracker.com/id/1025920
CVE Reference:   CVE-2011-2895
Date:  Aug 11 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.4.4
Description:   A vulnerability was reported in libXfont. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted LZW stream that, when processed by the target user or application, will trigger a heap overflow in the LZW decompresser and execute arbitrary code on the target system. The code will run with the privileges of the target user or application.

Impact:   A remote user can create a file that, when processed by the target user or application, will execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (1.4.4).

The vendor's advisory is available at:

http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html

Vendor URL:  lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 11 2011 (Red Hat Issues Fix) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Aug 11 2011 (Red Hat Issues Fix for X11) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
Red Hat has issued a fix for xorg-x11 for Red Hat Enterprise Linux 4.
Aug 15 2011 (Red Hat Issues Fix for FreeType) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
Red Hat has issued a fix for FreeType for Red Hat Enterprise Linux 4.
Sep 22 2011 (NetBSD Issues Fix) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
NetBSD has issued a fix.
Sep 28 2011 (FreeBSD Issues Fix) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
FreeBSD has issued a fix.
Dec 20 2011 (Red Hat Issues Fix) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 5.6 Extended Update Support.
Dec 8 2015 (Apple Issues Fix for Apple OS X) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
Apple has issued a fix for Apple OS X.
Dec 9 2015 (Apple Issues Fix for Apple Watch) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
Apple has issued a fix for Apple Watch.
Dec 9 2015 (Apple Issues Fix for Apple TV) libXfont Heap Overflow in LZW Decompresser Lets Remote Users Execute Arbitrary Code
Apple has issued a fix for Apple TV.



Copyright 2019, SecurityGlobal.net LLC