CVE-2015-3279: Buffer Overflow
First published: Fri Jul 03 2015(Updated: )
An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. Patch: <a href="http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365">http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linuxfoundation Cups-filters | <=1.0.70 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =14.10 | |
| Canonical Ubuntu Linux | =15.04 | |
| Debian Debian Linux | =7.1 | |
| Debian Debian Linux | =8.0 | |
| redhat/cups-filters | <1.0.71 | 1.0.71 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2015-2360.html
- http://ubuntu.com/usn/usn-2659-1
- http://www.debian.org/security/2015/dsa-3303
- http://www.openwall.com/lists/oss-security/2015/07/03/2
- http://www.openwall.com/lists/oss-security/2015/07/03/5
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/75557
- https://bugzilla.redhat.com/show_bug.cgi?id=1238990
- https://security.gentoo.org/glsa/201510-08
- https://access.redhat.com/security/cve/CVE-2015-3259
- https://access.redhat.com/security/cve/CVE-2015-3279
- https://rhn.redhat.com/errata/RHSA-2015-2360.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3279
- agent/software-canonical-lookup
- agent/event
- agent/tags
- agent/trending
- vendor/linuxfoundation
- canonical/linuxfoundation cups-filters
- version/linuxfoundation cups-filters/1.0.70
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/14.10
- version/canonical ubuntu linux/15.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.1
- version/debian debian linux/8.0
- package-manager/redhat