What is the severity of CVE-2008-3640?

CVE-2008-3640 is considered a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary code.

How do I fix CVE-2008-3640?

To fix CVE-2008-3640, upgrade your CUPS installation to version 1.3.9 or later.

What type of vulnerability is CVE-2008-3640?

CVE-2008-3640 is an integer overflow vulnerability that can lead to a heap-based buffer overflow.

Which versions of CUPS are affected by CVE-2008-3640?

CVE-2008-3640 affects all versions of CUPS prior to 1.3.9.

Can CVE-2008-3640 be exploited remotely?

Yes, CVE-2008-3640 can be exploited remotely via a crafted PostScript file.

Vulnerability/
CVE-2008-3640

medium

6.8

CWE

189 119 190

30/9/2008

9/10/2008

14/10/2008

7/8/2024

CVE-2008-3640: Buffer Overflow

First published: Tue Sep 30 2008(Updated: )

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/cups	<1:1.1.22-0.rc1.9.27.el4_7.1	1:1.1.22-0.rc1.9.27.el4_7.1
redhat/cups	<1:1.2.4-11.18.el5_2.2	1:1.2.4-11.18.el5_2.2
CUPS	=1.1.20
CUPS	=1.1.5-2
CUPS	=1.1.14
CUPS	=1.3-rc2
CUPS	=1.1.6-1
CUPS	=1.1.18
CUPS	=1.1.12
CUPS	=1.1.5-1
CUPS	=1.3.3
CUPS	=1.1.22
CUPS	=1.2.0
CUPS	=1.1.16
CUPS	=1.3.1
CUPS	=1.1.23-rc1
CUPS	=1.1.20-rc1
CUPS	=1.1.15
CUPS	=1.1.17
CUPS	=1.1.20-rc6
CUPS	=1.2.4
CUPS	=1.1.19-rc1
CUPS	=1.3.2
CUPS	=1.1.22-rc1
CUPS	=1.1.7
CUPS	=1.2-rc2
CUPS	=1.1.6-2
CUPS	=1.3-b1
CUPS	=1.1.3
CUPS	=1.2.3
CUPS	=1.1.21
CUPS	=1.2.9
CUPS	=1.2.10
CUPS	=1.1.4
CUPS	=1.1.23
CUPS	=1.2.6
CUPS	=1.2-b1
CUPS	=1.1.20-rc4
CUPS	=1.1.19
CUPS	=1.1
CUPS	=1.3.4
CUPS	=1.1.8
CUPS	<=1.3.8
CUPS	=1.1.5
CUPS	=1.2.1
CUPS	=1.2-rc3
CUPS	=1.1.2
CUPS	=1.1.13
CUPS	=1.1.19-rc4
CUPS	=1.1.9-1
CUPS	=1.2.12
CUPS	=1.1.21-rc2
CUPS	=1.2-b2
CUPS	=1.2.7
CUPS	=1.1.6-3
CUPS	=1.1.20-rc5
CUPS	=1.1.9
CUPS	=1.3.7
CUPS	=1.1.19-rc5
CUPS	=1.2-rc1
CUPS	=1.1.1
CUPS	=1.2.8
CUPS	=1.2.2
CUPS	=1.1.10
CUPS	=1.2.11
CUPS	=1.1.22-rc2
CUPS	=1.1.21-rc1
CUPS	=1.3-rc1
CUPS	=1.1.11
CUPS	=1.1.19-rc3
CUPS	=1.1.6
CUPS	=1.1.10-1
CUPS	=1.3.0
CUPS	=1.3.5
CUPS	=1.3.6
CUPS	=1.1.20-rc2
CUPS	=1.1.20-rc3
CUPS	=1.2.5
CUPS	=1.1.19-rc2

Remedy

http://www.securityfocus.com/bid/31690

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2008:0937

Frequently Asked Questions

What is the severity of CVE-2008-3640?
CVE-2008-3640 is considered a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2008-3640?
To fix CVE-2008-3640, upgrade your CUPS installation to version 1.3.9 or later.
What type of vulnerability is CVE-2008-3640?
CVE-2008-3640 is an integer overflow vulnerability that can lead to a heap-based buffer overflow.
Which versions of CUPS are affected by CVE-2008-3640?
CVE-2008-3640 affects all versions of CUPS prior to 1.3.9.
Can CVE-2008-3640 be exploited remotely?
Yes, CVE-2008-3640 can be exploited remotely via a crafted PostScript file.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2008-3640
agent/remedy
agent/severity
agent/references
agent/author
agent/weakness
agent/description
collector/redhat-cve
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/redhat
vendor/apple
canonical/cups
version/cups/1.1.20
version/cups/1.1.5-2
version/cups/1.1.14
version/cups/1.3-rc2
version/cups/1.1.6-1
version/cups/1.1.18
version/cups/1.1.12
version/cups/1.1.5-1
version/cups/1.3.3
version/cups/1.1.22
version/cups/1.2.0
version/cups/1.1.16
version/cups/1.3.1
version/cups/1.1.23-rc1
version/cups/1.1.20-rc1
version/cups/1.1.15
version/cups/1.1.17
version/cups/1.1.20-rc6
version/cups/1.2.4
version/cups/1.1.19-rc1
version/cups/1.3.2
version/cups/1.1.22-rc1
version/cups/1.1.7
version/cups/1.2-rc2
version/cups/1.1.6-2
version/cups/1.3-b1
version/cups/1.1.3
version/cups/1.2.3
version/cups/1.1.21
version/cups/1.2.9
version/cups/1.2.10
version/cups/1.1.4
version/cups/1.1.23
version/cups/1.2.6
version/cups/1.2-b1
version/cups/1.1.20-rc4
version/cups/1.1.19
version/cups/1.1
version/cups/1.3.4
version/cups/1.1.8
version/cups/1.3.8
version/cups/1.1.5
version/cups/1.2.1
version/cups/1.2-rc3
version/cups/1.1.2
version/cups/1.1.13
version/cups/1.1.19-rc4
version/cups/1.1.9-1
version/cups/1.2.12
version/cups/1.1.21-rc2
version/cups/1.2-b2
version/cups/1.2.7
version/cups/1.1.6-3
version/cups/1.1.20-rc5
version/cups/1.1.9
version/cups/1.3.7
version/cups/1.1.19-rc5
version/cups/1.2-rc1
version/cups/1.1.1
version/cups/1.2.8
version/cups/1.2.2
version/cups/1.1.10
version/cups/1.2.11
version/cups/1.1.22-rc2
version/cups/1.1.21-rc1
version/cups/1.3-rc1
version/cups/1.1.11
version/cups/1.1.19-rc3
version/cups/1.1.6
version/cups/1.1.10-1
version/cups/1.3.0
version/cups/1.3.5
version/cups/1.3.6
version/cups/1.1.20-rc2
version/cups/1.1.20-rc3
version/cups/1.2.5
version/cups/1.1.19-rc2