ID

VAR-201108-0236


CVE

CVE-2011-2896


TITLE

GNU Gimp 'LZWReadByte()' GIF Graphics Parse Buffer Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201108-279

DESCRIPTION

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. The software enables a variety of image manipulations, including photo retouching, image compositing, and image creation.

Red Hat Security Advisory

Synopsis: Moderate: gimp security update
Advisory ID: RHSA-2012:1180-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1180.html
Issue date: 2012-08-20
CVE Names: CVE-2011-2896 CVE-2012-3403 CVE-2012-3481

1. Summary:

Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)

Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team for reporting the CVE-2012-3481 issue.

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
839020 - CVE-2012-3403 gimp (CEL plug-in): heap buffer overflow when loading external palette files
847303 - CVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm

i386:
gimp-2.6.9-4.el6_3.3.i686.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-help-browser-2.6.9-4.el6_3.3.i686.rpm
gimp-libs-2.6.9-4.el6_3.3.i686.rpm

x86_64:
gimp-2.6.9-4.el6_3.3.x86_64.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm
gimp-help-browser-2.6.9-4.el6_3.3.x86_64.rpm
gimp-libs-2.6.9-4.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm

i386:
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.i686.rpm

x86_64:
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm
gimp-devel-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-2.6.9-4.el6_3.3.x86_64.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.x86_64.rpm
gimp-libs-2.6.9-4.el6_3.3.i686.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm

i386:
gimp-2.6.9-4.el6_3.3.i686.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-help-browser-2.6.9-4.el6_3.3.i686.rpm
gimp-libs-2.6.9-4.el6_3.3.i686.rpm

ppc64:
gimp-2.6.9-4.el6_3.3.ppc64.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.ppc64.rpm
gimp-help-browser-2.6.9-4.el6_3.3.ppc64.rpm
gimp-libs-2.6.9-4.el6_3.3.ppc64.rpm

s390x:
gimp-2.6.9-4.el6_3.3.s390x.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.s390x.rpm
gimp-help-browser-2.6.9-4.el6_3.3.s390x.rpm
gimp-libs-2.6.9-4.el6_3.3.s390x.rpm

x86_64:
gimp-2.6.9-4.el6_3.3.x86_64.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm
gimp-help-browser-2.6.9-4.el6_3.3.x86_64.rpm
gimp-libs-2.6.9-4.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm

i386:
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.i686.rpm

ppc64:
gimp-debuginfo-2.6.9-4.el6_3.3.ppc.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.ppc64.rpm
gimp-devel-2.6.9-4.el6_3.3.ppc.rpm
gimp-devel-2.6.9-4.el6_3.3.ppc64.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.ppc64.rpm
gimp-libs-2.6.9-4.el6_3.3.ppc.rpm

s390x:
gimp-debuginfo-2.6.9-4.el6_3.3.s390.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.s390x.rpm
gimp-devel-2.6.9-4.el6_3.3.s390.rpm
gimp-devel-2.6.9-4.el6_3.3.s390x.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.s390x.rpm
gimp-libs-2.6.9-4.el6_3.3.s390.rpm

x86_64:
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm
gimp-devel-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-2.6.9-4.el6_3.3.x86_64.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.x86_64.rpm
gimp-libs-2.6.9-4.el6_3.3.i686.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm

i386:
gimp-2.6.9-4.el6_3.3.i686.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-help-browser-2.6.9-4.el6_3.3.i686.rpm
gimp-libs-2.6.9-4.el6_3.3.i686.rpm

x86_64:
gimp-2.6.9-4.el6_3.3.x86_64.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm
gimp-help-browser-2.6.9-4.el6_3.3.x86_64.rpm
gimp-libs-2.6.9-4.el6_3.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/gimp-2.6.9-4.el6_3.3.src.rpm

i386:
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.i686.rpm

x86_64:
gimp-debuginfo-2.6.9-4.el6_3.3.i686.rpm
gimp-debuginfo-2.6.9-4.el6_3.3.x86_64.rpm
gimp-devel-2.6.9-4.el6_3.3.i686.rpm
gimp-devel-2.6.9-4.el6_3.3.x86_64.rpm
gimp-devel-tools-2.6.9-4.el6_3.3.x86_64.rpm
gimp-libs-2.6.9-4.el6_3.3.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2896.html
https://www.redhat.com/security/data/cve/CVE-2012-3403.html
https://www.redhat.com/security/data/cve/CVE-2012-3481.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

Mandriva Linux Security Advisory MDVSA-2011:146
http://www.mandriva.com/security/

Package : cups
Date : October 11, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0

Problem Description:

Multiple vulnerabilities have been discovered and corrected in cups:

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses (CVE-2010-2432).

Packages for 2009.0 are provided as of the Extended Maintenance Program.

The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.

CVE-2011-1782
The correction for CVE-2010-4543 was incomplete.

For the stable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze3.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2.6.11-5.

We recommend that you upgrade your gimp packages.

Gentoo Linux Security Advisory GLSA 201209-23
http://security.gentoo.org/

Severity: Normal
Title: GIMP: Multiple vulnerabilities
Date: September 28, 2012
Bugs: #293127, #350915, #372975, #379289, #418425, #432582
ID: 201209-23

Synopsis
========

Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code or Denial of Service.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-gfx/gimp             < 2.6.12-r2                >= 2.6.12-r2

Description
===========

Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GIMP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.6.12-r2"

References
==========

[ 1 ] CVE-2009-1570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1570
[ 2 ] CVE-2009-3909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3909
[ 3 ] CVE-2010-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4540
[ 4 ] CVE-2010-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4541
[ 5 ] CVE-2010-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4542
[ 6 ] CVE-2010-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4543
[ 7 ] CVE-2011-1178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1178
[ 8 ] CVE-2011-2896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2896
[ 9 ] CVE-2012-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2763
[ 10 ] CVE-2012-3402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3402

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Ubuntu Security Notice USN-1207-1
September 14, 2011

cups, cupsys vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

An attacker could send crafted print jobs to CUPS and cause it to crash or run programs.

Software Description:

- cups: Common UNIX Printing System(tm) - server
- cupsys: Common UNIX Printing System(tm) - server

Details:

Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04: libcupsimage2 1.4.6-5ubuntu1.4
Ubuntu 10.10: libcupsimage2 1.4.4-6ubuntu2.4
Ubuntu 10.04 LTS: libcupsimage2 1.4.3-1ubuntu1.5
Ubuntu 8.04 LTS: libcupsimage2 1.3.7-1ubuntu3.13

In general, a standard system update will make all the necessary changes

Trust: 1.71

sources: NVD: CVE-2011-2896 // VULHUB: VHN-50841 // PACKETSTORM: 115681 // PACKETSTORM: 105649 // PACKETSTORM: 107429 // PACKETSTORM: 105296 // PACKETSTORM: 110489 // PACKETSTORM: 116983 // PACKETSTORM: 115680 // PACKETSTORM: 105118

AFFECTED PRODUCTS

vendor: apple, model: cups, scope: lte, version: 1.4.6

Trust: 1.0

vendor: swi prolog, model: swi-prolog, scope: lte, version: 5.10.4

Trust: 1.0

vendor: gimp, model: gimp, scope: lte, version: 2.6.11

Trust: 1.0

vendor: gnu, model: gimp, scope: eq, version: 2.6.7

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.2

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.5

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.11

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.4

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.10

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.8

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.3

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.6

Trust: 0.6

vendor: gnu, model: gimp, scope: eq, version: 2.6.9

Trust: 0.6

sources: CNNVD: CNNVD-201108-279 // NVD: CVE-2011-2896

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2896
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201108-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-50841
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-2896
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-50841
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-50841 // CNNVD: CNNVD-201108-279 // NVD: CVE-2011-2896

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-50841 // NVD: CVE-2011-2896

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 105649 // PACKETSTORM: 105118 // CNNVD: CNNVD-201108-279

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201108-279

PATCH

title: GNU Gimp 'LZWReadByte()' GIF Fixes for Graphics Parsing Buffer Error Vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180847

Trust: 0.6

sources: CNNVD: CNNVD-201108-279

EXTERNAL IDS

db: NVD, id: CVE-2011-2896

Trust: 2.5

db: SECUNIA, id: 46024

Trust: 1.7

db: SECUNIA, id: 45945

Trust: 1.7

db: SECUNIA, id: 45621

Trust: 1.7

db: SECUNIA, id: 45948

Trust: 1.7

db: SECUNIA, id: 50737

Trust: 1.7

db: SECUNIA, id: 48236

Trust: 1.7

db: SECUNIA, id: 48308

Trust: 1.7

db: SECUNIA, id: 45900

Trust: 1.7

db: OPENWALL, id: OSS-SECURITY/2011/08/10/10

Trust: 1.7

db: SECTRACK, id: 1025929

Trust: 1.7

db: BID, id: 49148

Trust: 1.7

db: CNNVD, id: CNNVD-201108-279

Trust: 0.7

db: PACKETSTORM, id: 107429

Trust: 0.2

db: PACKETSTORM, id: 105118

Trust: 0.2

db: PACKETSTORM, id: 105296

Trust: 0.2

db: PACKETSTORM, id: 115681

Trust: 0.2

db: PACKETSTORM, id: 107564

Trust: 0.1

db: PACKETSTORM, id: 110007

Trust: 0.1

db: VULHUB, id: VHN-50841

Trust: 0.1

db: PACKETSTORM, id: 105649

Trust: 0.1

db: PACKETSTORM, id: 110489

Trust: 0.1

db: PACKETSTORM, id: 116983

Trust: 0.1

db: PACKETSTORM, id: 115680

Trust: 0.1

sources: VULHUB: VHN-50841 // PACKETSTORM: 115681 // PACKETSTORM: 105649 // PACKETSTORM: 107429 // PACKETSTORM: 105296 // PACKETSTORM: 110489 // PACKETSTORM: 116983 // PACKETSTORM: 115680 // PACKETSTORM: 105118 // CNNVD: CNNVD-201108-279 // NVD: CVE-2011-2896

REFERENCES

url:http://security.gentoo.org/glsa/glsa-201209-23.xml

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2012-1180.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2012-1181.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-1207-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-1214-1

Trust: 1.8

url:http://www.securitytracker.com/id?1025929

Trust: 1.7

url:http://secunia.com/advisories/45621

Trust: 1.7

url:http://secunia.com/advisories/45900

Trust: 1.7

url:http://secunia.com/advisories/45945

Trust: 1.7

url:http://secunia.com/advisories/45948

Trust: 1.7

url:http://secunia.com/advisories/46024

Trust: 1.7

url:http://secunia.com/advisories/48236

Trust: 1.7

url:http://secunia.com/advisories/48308

Trust: 1.7

url:http://www.securityfocus.com/bid/49148

Trust: 1.7

url:http://secunia.com/advisories/50737

Trust: 1.7

url:http://www.debian.org/security/2011/dsa-2354

Trust: 1.7

url:http://www.debian.org/security/2012/dsa-2426

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-august/064873.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-august/064600.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065550.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065651.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065527.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-september/065539.html

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:146

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:167

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2011-1635.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2011/08/10/10

Trust: 1.7

url:http://cups.org/str.php?l3867

Trust: 1.7

url:http://git.gnome.org/browse/gimp/commit/?id=376ad788c1a1c31d40f18494889c383f6909ebfc

Trust: 1.7

url:http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=727800

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=730338

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2011-2896

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-3170

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-2896.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-3403.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-3481.html

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-3403

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-3481

Trust: 0.2

url:http://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:http://www.debian.org/security/faq

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4542

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4540

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4541

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-3402

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-3909

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2432

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3170

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2432

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2896

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gimp/2.6.10-1ubuntu3.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gimp/2.6.8-2ubuntu1.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gimp/2.6.11-1ubuntu6.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1782

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2763

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2763

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3402

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4540

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1178

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1570

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3909

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4541

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4542

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2896

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1570

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2009-3909.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-3402.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cupsys/1.3.7-1ubuntu3.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.4.6-5ubuntu1.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.4.4-6ubuntu2.4

Trust: 0.1

sources: VULHUB: VHN-50841 // PACKETSTORM: 115681 // PACKETSTORM: 105649 // PACKETSTORM: 107429 // PACKETSTORM: 105296 // PACKETSTORM: 110489 // PACKETSTORM: 116983 // PACKETSTORM: 115680 // PACKETSTORM: 105118 // CNNVD: CNNVD-201108-279 // NVD: CVE-2011-2896

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 115681 // PACKETSTORM: 115680

SOURCES

db: VULHUB, id: VHN-50841
db: PACKETSTORM, id: 115681
db: PACKETSTORM, id: 105649
db: PACKETSTORM, id: 107429
db: PACKETSTORM, id: 105296
db: PACKETSTORM, id: 110489
db: PACKETSTORM, id: 116983
db: PACKETSTORM, id: 115680
db: PACKETSTORM, id: 105118
db: CNNVD, id: CNNVD-201108-279
db: NVD, id: CVE-2011-2896

LAST UPDATE DATE

2026-02-07T19:59:36.445000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-50841, date: 2018-10-30T00:00:00
db: CNNVD, id: CNNVD-201108-279, date: 2022-02-09T00:00:00
db: NVD, id: CVE-2011-2896, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-50841, date: 2011-08-19T00:00:00
db: PACKETSTORM, id: 115681, date: 2012-08-20T21:50:38
db: PACKETSTORM, id: 105649, date: 2011-10-10T22:39:39
db: PACKETSTORM, id: 107429, date: 2011-12-01T00:06:52
db: PACKETSTORM, id: 105296, date: 2011-09-22T15:56:42
db: PACKETSTORM, id: 110489, date: 2012-03-06T23:59:02
db: PACKETSTORM, id: 116983, date: 2012-09-28T23:51:10
db: PACKETSTORM, id: 115680, date: 2012-08-20T21:49:57
db: PACKETSTORM, id: 105118, date: 2011-09-14T22:51:57
db: CNNVD, id: CNNVD-201108-279, date: 2011-08-16T00:00:00
db: NVD, id: CVE-2011-2896, date: 2011-08-19T17:55:03.317