CVE-2011-3170
EPSS 9.1%
Description
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
How to fix CVE-2011-3170
To remediate CVE-2011-3170, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.5.0-8 or later
Is CVE-2011-3170 being exploited?
Moderate — EPSS is 9.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.5.0-8