CVE-2011-3170
EPSS 9.1%Published: 8/19/2011Modified: 4/28/2026
Description
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
Affected packages (1)
- Debian/cupsfrom 0, < 1.5.0-8