REDHAT-BUG-1235385: Buffer Overflow
First published: Wed Jun 24 2015(Updated: )
A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user. Acknowledgements: This issue was discovered by Petr Sklenar of Red Hat.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CUPS Filters |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-1235385?
The severity of REDHAT-BUG-1235385 is high due to the potential for a heap-based buffer overflow that could allow an attacker to execute arbitrary code.
How do I fix REDHAT-BUG-1235385?
To fix REDHAT-BUG-1235385, update to the latest version of cups-filters that addresses this vulnerability.
Who is affected by REDHAT-BUG-1235385?
Users of the OpenPrinting cups-filters utility are affected by REDHAT-BUG-1235385.
What type of vulnerability is REDHAT-BUG-1235385?
REDHAT-BUG-1235385 is a heap-based buffer overflow vulnerability.
Can REDHAT-BUG-1235385 be exploited remotely?
Yes, REDHAT-BUG-1235385 can be exploited if an attacker can submit specially crafted print jobs.
- agent/type
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3258
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openprinting
- canonical/cups filters