Vulnerability Report

CVE-2011-3170

Title: Apple Cups RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2011-3170.

CWE Category CWE-119

Published Date Aug 19, 2011

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 5.1 CVSS v2.0

Exploit Probability (EPSS)

9.15%

Vulnerability Summary

CVE-2011-3170: The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

Impacted Vendors

easy_software_products 1

apple 1

Reference Links

http://cups.org/str.php?L3914 http://secunia.com/advisories/45796 http://secunia.com/advisories/46024 http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.debian.org/security/2011/dsa-2354 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:147 http://www.securityfocus.com/bid/49323 http://www.securitytracker.com/id?1025980 http://www.ubuntu.com/usn/USN-1207-1 https://bugzilla.redhat.com/show_bug.cgi?id=727800 https://exchange.xforce.ibmcloud.com/vulnerabilities/69380 http://cups.org/str.php?L3914 http://secunia.com/advisories/45796 http://secunia.com/advisories/46024 http://security.gentoo.org/glsa/glsa-201207-10.xml http://www.debian.org/security/2011/dsa-2354 http://www.mandriva.com/security/advisories?name=MDVSA-2011:146 http://www.mandriva.com/security/advisories?name=MDVSA-2011:147 http://www.securityfocus.com/bid/49323 http://www.securitytracker.com/id?1025980 http://www.ubuntu.com/usn/USN-1207-1 https://bugzilla.redhat.com/show_bug.cgi?id=727800 https://exchange.xforce.ibmcloud.com/vulnerabilities/69380

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

5.1

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:H/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-3170 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

August 19, 2011 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.