VYPR
Unrated severityNVD Advisory· Published Aug 19, 2011· Updated Jun 16, 2026

CVE-2011-2895

CVE-2011-2895

Description

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

23
  • FreeType/Freetype2 versions
    cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:freetype:freetype:2.1.9:*:*:*:*:*:*:*
    • (no CPE)range: =2.1.9
  • cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
  • OpenBSD/OpenBSD18 versions
    cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*range: <=3.7
    • cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*
  • Xorg/Libxfontllm-create
    Range: <1.4.4

Patches

Vulnerability mechanics

References

38

News mentions

0

No linked articles in our index yet.