VuXML ID | Description |
a40ec970-0efa-11e5-90e4-d050996490d0 | cups -- multiple vulnerabilities
CUPS development team reports:
The new release addresses two security vulnerabilities,
adds localizations for German and Russian, and includes
several general bug fixes. Changes include:
Security: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159
exploiting the dynamic linker (STR #4609)
Security: The scheduler could hang with malformed
gzip data (STR #4602)
Discovery 2015-06-09 Entry 2015-06-09
cups-base < 2.0.3
CVE-2015-1158
CVE-2015-1159
https://cups.org/blog.php?L1082
https://www.kb.cert.org/vuls/id/810572
|
87106b67-be13-11dd-a578-0030843d3802 | cups -- potential buffer overflow in PNG reading code
CUPS reports:
The PNG image reading code did not validate the
image size properly, leading to a potential buffer overflow
(STR #2974)
Discovery 2008-10-17 Entry 2008-11-29 Modified 2008-12-25
cups-base < 1.3.9_2
CVE-2008-5286
http://www.cups.org/str.php?L2974
http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
http://www.openwall.com/lists/oss-security/2008/11/25/2
|
2747fc39-915b-11dc-9239-001c2514716c | xpdf -- multiple remote Stream.CC vulnerabilities
Secunia Research reports:
Secunia Research has discovered some vulnerabilities in Xpdf,
which can be exploited by malicious people to compromise a user's
system.
- An array indexing error within the
"DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc
can be exploited to corrupt memory via a specially crafted PDF
file.
- An integer overflow error within the "DCTStream::reset()"
method in xpdf/Stream.cc can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.
- A boundary error within the "CCITTFaxStream::lookChar()" method
in xpdf/Stream.cc can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a PDF file containing a
specially crafted "CCITTFaxDecode" filter.
Successful exploitation may allow execution of arbitrary code.
Discovery 2007-11-07 Entry 2007-11-12 Modified 2007-11-14
cups-base < 1.3.3_2
gpdf > 0
kdegraphics < 3.5.8_1
koffice < 1.6.3_3,2
poppler < 0.6
xpdf < 3.02_5
26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
|
8dd9722c-8e97-11dc-b8f6-001c2514716c | cups -- off-by-one buffer overflow
Secunia reports:
Secunia Research has discovered a vulnerability in CUPS, which can
be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to a boundary error within the
"ippReadIO()" function in cups/ipp.c when processing IPP (Internet
Printing Protocol) tags. This can be exploited to overwrite one
byte on the stack with a zero by sending an IPP request containing
specially crafted "textWithLanguage" or "nameWithLanguage" tags.
Successful exploitation allows execution of arbitrary code.
Discovery 2007-11-06 Entry 2007-11-09 Modified 2007-11-12
cups-base < 1.3.3_1
CVE-2007-4351
http://secunia.com/secunia_research/2007-76/
|
0e43a14d-3f3f-11dc-a79a-0016179b2dd5 | xpdf -- stack based buffer overflow
The KDE Team reports:
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause a stack based buffer overflow
via a PDF file that exploits an integer overflow in
StreamPredictor::StreamPredictor(). Remotely supplied
pdf files can be used to disrupt the kpdf viewer on
the client machine and possibly execute arbitrary code.
Discovery 2007-07-30 Entry 2007-07-31 Modified 2009-04-29
xpdf < 3.02_2
kdegraphics < 3.5.7_1
cups-base < 1.2.11_3
gpdf > 0
pdftohtml < 0.39_3
poppler < 0.5.9_4
25124
CVE-2007-3387
http://www.kde.org/info/security/advisory-20070730-1.txt
|
ce29ce1d-971a-11dd-ab7e-001c2514716c | cups -- multiple vulnerabilities
The release note of cups 1.3.9 reports:
It contains the following fixes:
- SECURITY: The HP-GL/2 filter did not range check
pen numbers (STR #2911)
- SECURITY: The SGI image file reader did not range
check 16-bit run lengths (STR #2918)
- SECURITY: The text filter did not range check cpi,
lpi, or column values (STR #2919)
Exploitation of this vulnerability results in the execution
of arbitrary code with the privileges of the affected service.
Discovery 2008-10-09 Entry 2008-10-10
cups-base < 1.3.9
CVE-2008-3639
CVE-2008-3640
CVE-2008-3641
|
736e55bc-39bb-11de-a493-001b77d09812 | cups -- remote code execution and DNS rebinding
Gentoo security team summarizes:
The following issues were reported in CUPS:
- iDefense reported an integer overflow in the
_cupsImageReadTIFF() function in the "imagetops" filter,
leading to a heap-based buffer overflow (CVE-2009-0163).
- Aaron Siegel of Apple Product Security reported that the
CUPS web interface does not verify the content of the "Host"
HTTP header properly (CVE-2009-0164).
- Braden Thomas and Drew Yao of Apple Product Security
reported that CUPS is vulnerable to CVE-2009-0146,
CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and
poppler.
A remote attacker might send or entice a user to send a
specially crafted print job to CUPS, possibly resulting in the
execution of arbitrary code with the privileges of the
configured CUPS user -- by default this is "lp", or a Denial
of Service. Furthermore, the web interface could be used to
conduct DNS rebinding attacks.
Discovery 2009-05-05 Entry 2009-05-07 Modified 2009-05-13
cups-base < 1.3.10
34571
34665
34568
CVE-2009-0163
CVE-2009-0164
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
http://www.cups.org/articles.php?L582
|
39988ee8-1918-11dc-b6bd-0016179b2dd5 | cups -- Incomplete SSL Negotiation Denial of Service
Secunia reports:
CUPS is not using multiple workers to handle connections.
This can be exploited to stop CUPS from accepting new connections
by starting but never completing an SSL negotiation.
Discovery 2007-05-05 Entry 2007-06-12
cups-base < 1.2.11
http://secunia.com/advisories/24517/
http://security.gentoo.org/glsa/glsa-200703-28.xml
CVE-2007-0720
|