CVE-2011-2895
libxfont - buffer overflow
Description
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
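The check the description says was missing, as an added example (not code from libXfont, 4.3BSD compress, or any affected product). It is a simplified sketch: the codes are assumed to be already unpacked into an array, the table is a fixed 12-bit one with no CLEAR code, and the name `lzw_decode` is hypothetical; the variable names follow common compress-style decoders. A code may be at most equal to the next free table slot, so anything above it is rejected before the prefix chain is walked.

```c
#include <stddef.h>
#include <stdint.h>

#define FIRST   256   /* first free slot; this sketch has no CLEAR code */
#define MAXCODE 4096  /* fixed 12-bit table */

/* Decode n already-unpacked codes into out[0..cap).
   Returns bytes written, or -1 for a malformed stream or full output. */
long lzw_decode(const uint16_t *codes, size_t n, uint8_t *out, size_t cap)
{
    uint16_t prefix[MAXCODE];
    uint8_t suffix[MAXCODE], stack[MAXCODE];
    int free_ent = FIRST, oldcode = -1, finchar = 0;
    size_t len = 0;

    for (size_t i = 0; i < n; i++) {
        int code = codes[i], incode = code;
        size_t sp = 0;

        if (code >= MAXCODE) return -1;
        if (oldcode == -1) {               /* first code must be a literal */
            if (code >= FIRST || len >= cap) return -1;
            out[len++] = (uint8_t)(finchar = code);
            oldcode = code;
            continue;
        }
        if (code >= free_ent) {
            if (code > free_ent) return -1; /* absent from the table: reject */
            stack[sp++] = (uint8_t)finchar; /* code == free_ent: KwKwK case */
            code = oldcode;
        }
        while (code >= FIRST) {             /* walk prefix chain to a literal */
            if (sp >= sizeof stack - 1) return -1; /* never write past stack */
            stack[sp++] = suffix[code];
            code = prefix[code];
        }
        stack[sp++] = (uint8_t)(finchar = code);
        if (sp > cap - len) return -1;      /* bound the output buffer too */
        while (sp) out[len++] = stack[--sp];
        if (free_ent < MAXCODE) {           /* new entry: old string + finchar */
            prefix[free_ent] = (uint16_t)oldcode;
            suffix[free_ent] = (uint8_t)finchar;
            free_ent++;
        }
        oldcode = incode;
    }
    return (long)len;
}
```

Because every stored prefix is strictly smaller than the slot that holds it, an accepted code always walks down to a literal, so the chain can neither loop nor outgrow the stack.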
How to fix CVE-2011-2895
To remediate CVE-2011-2895, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 1:1.4.4-1 or later
- upgrade to 1:1.3.3-2 or later
Is CVE-2011-2895 being exploited?
Moderate — EPSS is 7.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1:1.4.4-1
- from 0, < 1:1.3.3-2