CVE-2013-6474: Buffer Overflow
First published: Thu Nov 07 2013(Updated: )
A heap-based buffer overflow flaw was found in the pdftoopvp filter. If a malicious PDF file were processed, it could lead to arbitrary code execution with the privileges of the "lp" user. This issue was due to the following fix not being present in pdftoopvp: <a href="https://bugs.freedesktop.org/show_bug.cgi?id=17326">https://bugs.freedesktop.org/show_bug.cgi?id=17326</a> <a href="http://lists.freedesktop.org/archives/poppler/2008-August/004021.html">http://lists.freedesktop.org/archives/poppler/2008-August/004021.html</a> Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/cups | 2.3.3op2-3+deb11u6 2.3.3op2-3+deb11u2 2.4.2-3+deb12u5 2.4.10-1 | |
| debian/cups-filters | 1.28.7-1+deb11u2 1.28.17-3 1.28.17-4.1 | |
| CUPS Filters | <=1.0.46 | |
| CUPS Filters | =1.0 | |
| CUPS Filters | =1.0.1 | |
| CUPS Filters | =1.0.2 | |
| CUPS Filters | =1.0.3 | |
| CUPS Filters | =1.0.4 | |
| CUPS Filters | =1.0.5 | |
| CUPS Filters | =1.0.6 | |
| CUPS Filters | =1.0.7 | |
| CUPS Filters | =1.0.8 | |
| CUPS Filters | =1.0.9 | |
| CUPS Filters | =1.0.10 | |
| CUPS Filters | =1.0.11 | |
| CUPS Filters | =1.0.12 | |
| CUPS Filters | =1.0.13 | |
| CUPS Filters | =1.0.14 | |
| CUPS Filters | =1.0.15 | |
| CUPS Filters | =1.0.16 | |
| CUPS Filters | =1.0.17 | |
| CUPS Filters | =1.0.18 | |
| CUPS Filters | =1.0.19 | |
| CUPS Filters | =1.0.20 | |
| CUPS Filters | =1.0.21 | |
| CUPS Filters | =1.0.22 | |
| CUPS Filters | =1.0.23 | |
| CUPS Filters | =1.0.24 | |
| CUPS Filters | =1.0.25 | |
| CUPS Filters | =1.0.26 | |
| CUPS Filters | =1.0.27 | |
| CUPS Filters | =1.0.28 | |
| CUPS Filters | =1.0.29 | |
| CUPS Filters | =1.0.30 | |
| CUPS Filters | =1.0.31 | |
| CUPS Filters | =1.0.32 | |
| CUPS Filters | =1.0.33 | |
| CUPS Filters | =1.0.34 | |
| CUPS Filters | =1.0.35 | |
| CUPS Filters | =1.0.36 | |
| CUPS Filters | =1.0.37 | |
| CUPS Filters | =1.0.38 | |
| CUPS Filters | =1.0.39 | |
| CUPS Filters | =1.0.40 | |
| CUPS Filters | =1.0.41 | |
| CUPS Filters | =1.0.42 | |
| CUPS Filters | =1.0.43 | |
| CUPS Filters | =1.0.44 | |
| CUPS Filters | =1.0.45 | |
| Ubuntu | =10.04 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.10 | |
| Debian | ||
| Fedora |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.freedesktop.org/show_bug.cgi?id=17326
- http://lists.freedesktop.org/archives/poppler/2008-August/004021.html
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1074840
- https://bugzilla.redhat.com/show_bug.cgi?id=1027548
- https://security-tracker.debian.org/tracker/CVE-2013-6474
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66163
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
Frequently Asked Questions
What is the severity of CVE-2013-6474?
CVE-2013-6474 is classified as a critical vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2013-6474?
To fix CVE-2013-6474, update the affected packages to the latest versions specified in the advisory.
What systems are affected by CVE-2013-6474?
CVE-2013-6474 affects multiple versions of the CUPS and CUPS-filters packages on various Linux distributions.
Can CVE-2013-6474 be exploited remotely?
Yes, CVE-2013-6474 can be exploited remotely by processing a malicious PDF file.
Does CVE-2013-6474 affect all versions of CUPS?
No, CVE-2013-6474 specifically affects versions of CUPS and CUPS-filters prior to certain patched releases.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-6474
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/linuxfoundation
- canonical/cups filters
- version/cups filters/1.0.46
- version/cups filters/1.0
- version/cups filters/1.0.1
- version/cups filters/1.0.2
- version/cups filters/1.0.3
- version/cups filters/1.0.4
- version/cups filters/1.0.5
- version/cups filters/1.0.6
- version/cups filters/1.0.7
- version/cups filters/1.0.8
- version/cups filters/1.0.9
- version/cups filters/1.0.10
- version/cups filters/1.0.11
- version/cups filters/1.0.12
- version/cups filters/1.0.13
- version/cups filters/1.0.14
- version/cups filters/1.0.15
- version/cups filters/1.0.16
- version/cups filters/1.0.17
- version/cups filters/1.0.18
- version/cups filters/1.0.19
- version/cups filters/1.0.20
- version/cups filters/1.0.21
- version/cups filters/1.0.22
- version/cups filters/1.0.23
- version/cups filters/1.0.24
- version/cups filters/1.0.25
- version/cups filters/1.0.26
- version/cups filters/1.0.27
- version/cups filters/1.0.28
- version/cups filters/1.0.29
- version/cups filters/1.0.30
- version/cups filters/1.0.31
- version/cups filters/1.0.32
- version/cups filters/1.0.33
- version/cups filters/1.0.34
- version/cups filters/1.0.35
- version/cups filters/1.0.36
- version/cups filters/1.0.37
- version/cups filters/1.0.38
- version/cups filters/1.0.39
- version/cups filters/1.0.40
- version/cups filters/1.0.41
- version/cups filters/1.0.42
- version/cups filters/1.0.43
- version/cups filters/1.0.44
- version/cups filters/1.0.45
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.10
- vendor/debian
- canonical/debian
- vendor/fedoraproject
- canonical/fedora