{"id":"UBUNTU-CVE-2011-2896","details":"The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.","modified":"2026-05-20T16:03:16.133825857Z","published":"2011-08-19T00:00:00Z","related":["USN-1207-1","USN-1214-1"],"upstream":["CVE-2011-2896"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2011-2896"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-1207-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-1214-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2011-2896"}],"affected":[{"package":{"name":"swi-prolog","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/swi-prolog?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.2.0-2","7.2.0-3","7.2.3-2"],"ecosystem_specific":{"binaries":[{"binary_name":"swi-prolog","binary_version":"7.2.3-2"},{"binary_name":"swi-prolog-java","binary_version":"7.2.3-2"},{"binary_name":"swi-prolog-nox","binary_version":"7.2.3-2"},{"binary_name":"swi-prolog-odbc","binary_version":"7.2.3-2"},{"binary_name":"swi-prolog-x","binary_version":"7.2.3-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2896.json"}},{"package":{"name":"swi-prolog","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/swi-prolog?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.4.2+dfsg-2","7.6.1+dfsg-2","7.6.1+dfsg-3","7.6.2+dfsg-1","7.6.4+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"swi-prolog","binary_version":"7.6.4+dfsg-1build1"},{"binary_name":"swi-prolog-bdb","binary_version":"7.6.4+dfsg-1build1"},{"binary_name":"swi-prolog-java","binary_version":"7.6.4+dfsg-1build1"},{"binary_name":"swi-prolog-nox","binary_version":"7.6.4+dfsg-1build1"},{"binary_name":"swi-prolog-odbc","binary_version":"7.6.4+dfsg-1build1"},{"binary_name":"swi-prolog-x","binary_version":"7.6.4+dfsg-1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2896.json"}},{"package":{"name":"swi-prolog","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/swi-prolog?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.6.4+dfsg-2ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"swi-prolog","binary_version":"7.6.4+dfsg-2ubuntu2"},{"binary_name":"swi-prolog-bdb","binary_version":"7.6.4+dfsg-2ubuntu2"},{"binary_name":"swi-prolog-java","binary_version":"7.6.4+dfsg-2ubuntu2"},{"binary_name":"swi-prolog-nox","binary_version":"7.6.4+dfsg-2ubuntu2"},{"binary_name":"swi-prolog-odbc","binary_version":"7.6.4+dfsg-2ubuntu2"},{"binary_name":"swi-prolog-x","binary_version":"7.6.4+dfsg-2ubuntu2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2896.json"}},{"package":{"name":"swi-prolog","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/swi-prolog?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.2.4+dfsg-1ubuntu1","8.4.2+dfsg-2ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"swi-prolog","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-bdb","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-core","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-core-packages","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-full","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-java","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-nox","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-odbc","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-test","binary_version":"8.4.2+dfsg-2ubuntu1"},{"binary_name":"swi-prolog-x","binary_version":"8.4.2+dfsg-2ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2896.json"}},{"package":{"name":"swi-prolog","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/swi-prolog?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.0.4+dfsg-2ubuntu1","9.0.4+dfsg-3ubuntu1","9.0.4+dfsg-3.1ubuntu3","9.0.4+dfsg-3.1ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_name":"swi-prolog","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-bdb","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-core","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-core-packages","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-full","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-java","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-nox","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-odbc","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-test","binary_version":"9.0.4+dfsg-3.1ubuntu4"},{"binary_name":"swi-prolog-x","binary_version":"9.0.4+dfsg-3.1ubuntu4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2896.json"}},{"package":{"name":"swi-prolog","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/swi-prolog?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.0.4+dfsg-3.1ubuntu4","9.2.9+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_name":"swi-prolog","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-bdb","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-core","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-core-packages","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-full","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-java","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-nox","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-odbc","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-test","binary_version":"9.2.9+dfsg-1"},{"binary_name":"swi-prolog-x","binary_version":"9.2.9+dfsg-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2896.json"}},{"package":{"name":"swi-prolog","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/swi-prolog?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.2.9+dfsg-1","9.2.9+dfsg-1.1","9.2.9+dfsg-1.1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"swi-prolog","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-bdb","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-core","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-core-packages","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-full","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-java","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-nox","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-odbc","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-test","binary_version":"9.2.9+dfsg-1.1build1"},{"binary_name":"swi-prolog-x","binary_version":"9.2.9+dfsg-1.1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-2896.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}