CVE-2015-3258: Buffer Overflow
First published: Wed Jun 24 2015(Updated: )
A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. Acknowledgements: This issue was discovered by Petr Sklenar of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =14.10 | |
| Canonical Ubuntu Linux | =15.04 | |
| Debian Debian Linux | =7.1 | |
| Debian Debian Linux | =8.0 | |
| Linuxfoundation Cups-filters | <=1.0.70 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/attachment.cgi?id=993617&action=diff
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
- https://rhn.redhat.com/errata/RHSA-2015-2360.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1235385
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2015-2360.html
- http://ubuntu.com/usn/usn-2659-1
- http://www.debian.org/security/2015/dsa-3303
- http://www.openwall.com/lists/oss-security/2015/06/26/4
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/75436
- https://security.gentoo.org/glsa/201510-08
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3258
- agent/weakness
- agent/tags
- agent/trending
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/14.10
- version/canonical ubuntu linux/15.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.1
- version/debian debian linux/8.0
- vendor/linuxfoundation
- canonical/linuxfoundation cups-filters
- version/linuxfoundation cups-filters/1.0.70