Vulnerability Report

CVE-2011-2895

Title: Freetype RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2011-2895.

CWE Category CWE-119

Published Date Aug 19, 2011

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

7.02%

Vulnerability Summary

CVE-2011-2895: The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

Impacted Vendors

freetype 1

x.org 1

x 1

Reference Links

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html http://secunia.com/advisories/45544 http://secunia.com/advisories/45568 http://secunia.com/advisories/45599 http://secunia.com/advisories/45986 http://secunia.com/advisories/46127 http://secunia.com/advisories/48951 http://securitytracker.com/id?1025920 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2011/dsa-2293 http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 http://www.openwall.com/lists/oss-security/2011/08/10/10 http://www.redhat.com/support/errata/RHSA-2011-1154.html http://www.redhat.com/support/errata/RHSA-2011-1155.html http://www.redhat.com/support/errata/RHSA-2011-1161.html http://www.redhat.com/support/errata/RHSA-2011-1834.html http://www.securityfocus.com/bid/49124 http://www.ubuntu.com/usn/USN-1191-1 https://bugzilla.redhat.com/show_bug.cgi?id=725760 https://bugzilla.redhat.com/show_bug.cgi?id=727624 https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641 http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html http://secunia.com/advisories/45544 http://secunia.com/advisories/45568 http://secunia.com/advisories/45599 http://secunia.com/advisories/45986 http://secunia.com/advisories/46127 http://secunia.com/advisories/48951 http://securitytracker.com/id?1025920 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2011/dsa-2293 http://www.mandriva.com/security/advisories?name=MDVSA-2011:153 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17 http://www.openwall.com/lists/oss-security/2011/08/10/10 http://www.redhat.com/support/errata/RHSA-2011-1154.html http://www.redhat.com/support/errata/RHSA-2011-1155.html http://www.redhat.com/support/errata/RHSA-2011-1161.html http://www.redhat.com/support/errata/RHSA-2011-1834.html http://www.securityfocus.com/bid/49124 http://www.ubuntu.com/usn/USN-1191-1 https://bugzilla.redhat.com/show_bug.cgi?id=725760 https://bugzilla.redhat.com/show_bug.cgi?id=727624 https://exchange.xforce.ibmcloud.com/vulnerabilities/69141 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-2895 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

August 19, 2011 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.