CVE-2008-5286: Buffer Overflow

First published: Mon Dec 01 2008(Updated: )

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apple Cups	=1.1.20
Apple Cups	=1.3.9
Apple Cups	=1.3-rc2
Apple Cups	=1.1.18
Apple Cups	=1.3.3
Apple Cups	=1.1.22
Apple Cups	=1.2.0
Apple Cups	=1.3.1
Apple Cups	=1.1.23-rc1
Apple Cups	=1.1.20-rc1
Apple Cups	=1.1.17
Apple Cups	=1.1.20-rc6
Apple Cups	=1.2.4
Apple Cups	=1.1.19-rc1
Apple Cups	=1.3.2
Apple Cups	=1.1.22-rc1
Apple Cups	=1.2-rc2
Apple Cups	=1.3-b1
Apple Cups	=1.2.3
Apple Cups	=1.1.21
Apple Cups	=1.2.9
Apple Cups	=1.2.10
Apple Cups	=1.1.23
Apple Cups	=1.2.6
Apple Cups	=1.2-b1
Apple Cups	=1.3.8
Apple Cups	=1.1.20-rc4
Apple Cups	=1.1.19
Apple Cups	=1.3.4
Apple Cups	=1.2.1
Apple Cups	=1.2-rc3
Apple Cups	=1.1.19-rc4
Apple Cups	=1.2.12
Apple Cups	=1.1.21-rc2
Apple Cups	=1.2-b2
Apple Cups	=1.2.7
Apple Cups	=1.1.20-rc5
Apple Cups	=1.3.7
Apple Cups	=1.1.19-rc5
Apple Cups	=1.2-rc1
Apple Cups	=1.2.8
Apple Cups	=1.2.2
Apple Cups	=1.2.11
Apple Cups	=1.1.22-rc2
Apple Cups	=1.1.21-rc1
Apple Cups	=1.3-rc1
Apple Cups	=1.1.19-rc3
Apple Cups	=1.3.0
Apple Cups	=1.3.5
Apple Cups	=1.3.6
Apple Cups	=1.1.20-rc2
Apple Cups	=1.1.20-rc3
Apple Cups	=1.2.5
Apple Cups	=1.1.19-rc2

Remedy

http://www.cups.org/str.php?L2974

Remedy

http://www.securityfocus.com/bid/32518

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/author
agent/severity
agent/weakness
agent/references
agent/type
agent/description
agent/event
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple cups
version/apple cups/1.1.20
version/apple cups/1.3.9
version/apple cups/1.3-rc2
version/apple cups/1.1.18
version/apple cups/1.3.3
version/apple cups/1.1.22
version/apple cups/1.2.0
version/apple cups/1.3.1
version/apple cups/1.1.23-rc1
version/apple cups/1.1.20-rc1
version/apple cups/1.1.17
version/apple cups/1.1.20-rc6
version/apple cups/1.2.4
version/apple cups/1.1.19-rc1
version/apple cups/1.3.2
version/apple cups/1.1.22-rc1
version/apple cups/1.2-rc2
version/apple cups/1.3-b1
version/apple cups/1.2.3
version/apple cups/1.1.21
version/apple cups/1.2.9
version/apple cups/1.2.10
version/apple cups/1.1.23
version/apple cups/1.2.6
version/apple cups/1.2-b1
version/apple cups/1.3.8
version/apple cups/1.1.20-rc4
version/apple cups/1.1.19
version/apple cups/1.3.4
version/apple cups/1.2.1
version/apple cups/1.2-rc3
version/apple cups/1.1.19-rc4
version/apple cups/1.2.12
version/apple cups/1.1.21-rc2
version/apple cups/1.2-b2
version/apple cups/1.2.7
version/apple cups/1.1.20-rc5
version/apple cups/1.3.7
version/apple cups/1.1.19-rc5
version/apple cups/1.2-rc1
version/apple cups/1.2.8
version/apple cups/1.2.2
version/apple cups/1.2.11
version/apple cups/1.1.22-rc2
version/apple cups/1.1.21-rc1
version/apple cups/1.3-rc1
version/apple cups/1.1.19-rc3
version/apple cups/1.3.0
version/apple cups/1.3.5
version/apple cups/1.3.6
version/apple cups/1.1.20-rc2
version/apple cups/1.1.20-rc3
version/apple cups/1.2.5
version/apple cups/1.1.19-rc2

CVE-2008-5286: Buffer Overflow

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact