CVE-2015-3258: Buffer Overflow
First published: Wed Jun 24 2015(Updated: )
A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. Acknowledgements: This issue was discovered by Petr Sklenar of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =14.10 | |
| Ubuntu | =15.04 | |
| Debian | =7.1 | |
| Debian | =8.0 | |
| CUPS Filters | <=1.0.70 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/attachment.cgi?id=993617&action=diff
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
- https://rhn.redhat.com/errata/RHSA-2015-2360.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1235385
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2015-2360.html
- http://ubuntu.com/usn/usn-2659-1
- http://www.debian.org/security/2015/dsa-3303
- http://www.openwall.com/lists/oss-security/2015/06/26/4
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/75436
- https://security.gentoo.org/glsa/201510-08
Frequently Asked Questions
What is the severity of CVE-2015-3258?
CVE-2015-3258 is considered to have a medium severity rating due to its potential to allow an attacker to execute arbitrary code.
How do I fix CVE-2015-3258?
To fix CVE-2015-3258, upgrade the cups-filters package to the latest version that is not vulnerable.
Which platforms are affected by CVE-2015-3258?
CVE-2015-3258 affects various versions of Ubuntu Linux and Debian, specifically versions 12.04, 14.04, 14.10, 15.04, and 7.1, 8.0 respectively.
What kind of exploit can be executed with CVE-2015-3258?
An attacker can exploit CVE-2015-3258 by submitting specially crafted print jobs to crash the texttopdf utility or potentially execute code with elevated privileges.
What component is vulnerable in CVE-2015-3258?
The vulnerability in CVE-2015-3258 lies in the way the texttopdf utility processes print jobs in the cups-filters package.
- agent/type
- agent/references
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3258
- agent/weakness
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/14.10
- version/ubuntu/15.04
- vendor/debian
- canonical/debian
- version/debian/7.1
- version/debian/8.0
- vendor/linuxfoundation
- canonical/cups filters
- version/cups filters/1.0.70