CVE-2013-6474: Buffer Overflow
First published: Thu Nov 07 2013(Updated: )
A heap-based buffer overflow flaw was found in the pdftoopvp filter. If a malicious PDF file were processed, it could lead to arbitrary code execution with the privileges of the "lp" user. This issue was due to the following fix not being present in pdftoopvp: <a href="https://bugs.freedesktop.org/show_bug.cgi?id=17326">https://bugs.freedesktop.org/show_bug.cgi?id=17326</a> <a href="http://lists.freedesktop.org/archives/poppler/2008-August/004021.html">http://lists.freedesktop.org/archives/poppler/2008-August/004021.html</a> Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linuxfoundation Cups-filters | <=1.0.46 | |
| Linuxfoundation Cups-filters | =1.0 | |
| Linuxfoundation Cups-filters | =1.0.1 | |
| Linuxfoundation Cups-filters | =1.0.2 | |
| Linuxfoundation Cups-filters | =1.0.3 | |
| Linuxfoundation Cups-filters | =1.0.4 | |
| Linuxfoundation Cups-filters | =1.0.5 | |
| Linuxfoundation Cups-filters | =1.0.6 | |
| Linuxfoundation Cups-filters | =1.0.7 | |
| Linuxfoundation Cups-filters | =1.0.8 | |
| Linuxfoundation Cups-filters | =1.0.9 | |
| Linuxfoundation Cups-filters | =1.0.10 | |
| Linuxfoundation Cups-filters | =1.0.11 | |
| Linuxfoundation Cups-filters | =1.0.12 | |
| Linuxfoundation Cups-filters | =1.0.13 | |
| Linuxfoundation Cups-filters | =1.0.14 | |
| Linuxfoundation Cups-filters | =1.0.15 | |
| Linuxfoundation Cups-filters | =1.0.16 | |
| Linuxfoundation Cups-filters | =1.0.17 | |
| Linuxfoundation Cups-filters | =1.0.18 | |
| Linuxfoundation Cups-filters | =1.0.19 | |
| Linuxfoundation Cups-filters | =1.0.20 | |
| Linuxfoundation Cups-filters | =1.0.21 | |
| Linuxfoundation Cups-filters | =1.0.22 | |
| Linuxfoundation Cups-filters | =1.0.23 | |
| Linuxfoundation Cups-filters | =1.0.24 | |
| Linuxfoundation Cups-filters | =1.0.25 | |
| Linuxfoundation Cups-filters | =1.0.26 | |
| Linuxfoundation Cups-filters | =1.0.27 | |
| Linuxfoundation Cups-filters | =1.0.28 | |
| Linuxfoundation Cups-filters | =1.0.29 | |
| Linuxfoundation Cups-filters | =1.0.30 | |
| Linuxfoundation Cups-filters | =1.0.31 | |
| Linuxfoundation Cups-filters | =1.0.32 | |
| Linuxfoundation Cups-filters | =1.0.33 | |
| Linuxfoundation Cups-filters | =1.0.34 | |
| Linuxfoundation Cups-filters | =1.0.35 | |
| Linuxfoundation Cups-filters | =1.0.36 | |
| Linuxfoundation Cups-filters | =1.0.37 | |
| Linuxfoundation Cups-filters | =1.0.38 | |
| Linuxfoundation Cups-filters | =1.0.39 | |
| Linuxfoundation Cups-filters | =1.0.40 | |
| Linuxfoundation Cups-filters | =1.0.41 | |
| Linuxfoundation Cups-filters | =1.0.42 | |
| Linuxfoundation Cups-filters | =1.0.43 | |
| Linuxfoundation Cups-filters | =1.0.44 | |
| Linuxfoundation Cups-filters | =1.0.45 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 | |
| Canonical Ubuntu Linux | =13.10 | |
| Debian Debian Linux | ||
| Fedoraproject Fedora | ||
| debian/cups | 2.3.3op2-3+deb11u6 2.3.3op2-3+deb11u2 2.4.2-3+deb12u5 2.4.10-1 | |
| debian/cups-filters | 1.28.7-1+deb11u2 1.28.17-3 1.28.17-4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.freedesktop.org/show_bug.cgi?id=17326
- http://lists.freedesktop.org/archives/poppler/2008-August/004021.html
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1074840
- https://bugzilla.redhat.com/show_bug.cgi?id=1027548
- https://security-tracker.debian.org/tracker/CVE-2013-6474
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66163
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-6474
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/linuxfoundation
- canonical/linuxfoundation cups-filters
- version/linuxfoundation cups-filters/1.0.46
- version/linuxfoundation cups-filters/1.0
- version/linuxfoundation cups-filters/1.0.1
- version/linuxfoundation cups-filters/1.0.2
- version/linuxfoundation cups-filters/1.0.3
- version/linuxfoundation cups-filters/1.0.4
- version/linuxfoundation cups-filters/1.0.5
- version/linuxfoundation cups-filters/1.0.6
- version/linuxfoundation cups-filters/1.0.7
- version/linuxfoundation cups-filters/1.0.8
- version/linuxfoundation cups-filters/1.0.9
- version/linuxfoundation cups-filters/1.0.10
- version/linuxfoundation cups-filters/1.0.11
- version/linuxfoundation cups-filters/1.0.12
- version/linuxfoundation cups-filters/1.0.13
- version/linuxfoundation cups-filters/1.0.14
- version/linuxfoundation cups-filters/1.0.15
- version/linuxfoundation cups-filters/1.0.16
- version/linuxfoundation cups-filters/1.0.17
- version/linuxfoundation cups-filters/1.0.18
- version/linuxfoundation cups-filters/1.0.19
- version/linuxfoundation cups-filters/1.0.20
- version/linuxfoundation cups-filters/1.0.21
- version/linuxfoundation cups-filters/1.0.22
- version/linuxfoundation cups-filters/1.0.23
- version/linuxfoundation cups-filters/1.0.24
- version/linuxfoundation cups-filters/1.0.25
- version/linuxfoundation cups-filters/1.0.26
- version/linuxfoundation cups-filters/1.0.27
- version/linuxfoundation cups-filters/1.0.28
- version/linuxfoundation cups-filters/1.0.29
- version/linuxfoundation cups-filters/1.0.30
- version/linuxfoundation cups-filters/1.0.31
- version/linuxfoundation cups-filters/1.0.32
- version/linuxfoundation cups-filters/1.0.33
- version/linuxfoundation cups-filters/1.0.34
- version/linuxfoundation cups-filters/1.0.35
- version/linuxfoundation cups-filters/1.0.36
- version/linuxfoundation cups-filters/1.0.37
- version/linuxfoundation cups-filters/1.0.38
- version/linuxfoundation cups-filters/1.0.39
- version/linuxfoundation cups-filters/1.0.40
- version/linuxfoundation cups-filters/1.0.41
- version/linuxfoundation cups-filters/1.0.42
- version/linuxfoundation cups-filters/1.0.43
- version/linuxfoundation cups-filters/1.0.44
- version/linuxfoundation cups-filters/1.0.45
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10
- version/canonical ubuntu linux/13.10
- vendor/debian
- canonical/debian debian linux
- vendor/fedoraproject
- canonical/fedoraproject fedora
- package-manager/debian