CVE-2015-3279: Buffer Overflow
First published: Fri Jul 03 2015(Updated: )
An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. Patch: <a href="http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365">http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/cups-filters | <1.0.71 | 1.0.71 |
| CUPS Filters | <=1.0.70 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =14.10 | |
| Ubuntu | =15.04 | |
| Debian | =7.1 | |
| Debian | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2015-2360.html
- http://ubuntu.com/usn/usn-2659-1
- http://www.debian.org/security/2015/dsa-3303
- http://www.openwall.com/lists/oss-security/2015/07/03/2
- http://www.openwall.com/lists/oss-security/2015/07/03/5
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/75557
- https://bugzilla.redhat.com/show_bug.cgi?id=1238990
- https://security.gentoo.org/glsa/201510-08
- https://access.redhat.com/security/cve/CVE-2015-3259
- https://access.redhat.com/security/cve/CVE-2015-3279
- https://rhn.redhat.com/errata/RHSA-2015-2360.html
Frequently Asked Questions
What is the severity of CVE-2015-3279?
CVE-2015-3279 has been classified with a high severity rating due to its potential to cause crashes and possibly execute arbitrary code.
How do I fix CVE-2015-3279?
To fix CVE-2015-3279, update the cups-filters package to version 1.0.71 or higher.
Which software versions are affected by CVE-2015-3279?
Affected software includes cups-filters versions up to 1.0.70 and various versions of Ubuntu and Debian Linux.
What types of attacks can exploit CVE-2015-3279?
An attacker can exploit CVE-2015-3279 by submitting specially crafted print jobs that trigger an integer overflow leading to a heap-based buffer overflow.
Is CVE-2015-3279 a local or remote vulnerability?
CVE-2015-3279 is considered a local vulnerability as it requires the attacker to have the ability to submit print jobs.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3279
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/linuxfoundation
- canonical/cups filters
- version/cups filters/1.0.70
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/14.10
- version/ubuntu/15.04
- vendor/debian
- canonical/debian
- version/debian/7.1
- version/debian/8.0