Metric | Value |
---|---|
CVSS2 score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
EPSS | 0.015 Low |
EPSS percentile | 86.6% |
CUPS contains an integer overflow that may allow a remote attacker to cause a vulnerable system to crash.
The Common Unix Printing System (CUPS) is a print server that is used and distributed by many Unix-like operating systems. CUPS contains an integer overflow vulnerability that occurs in its image processing library.
From the CUPS bug tracker:
_1) filter/image-png.c
img->xsize * img->ysize may overflow (CUPS_IMAGE_MAX_WIDTH and CUPS_IMAGE_MAX_HEIGHT are too big for multiplication).
malloc(img->xsize * img->ysize * 3) can result in a buffer that's too small. Also, the return codes of a lot of the mallocs aren't checked, when a NULL pointer is passed to png_read_row, it may be possible to corrupt memory this way as well. I have a .png that does this._
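The size calculation described in the report, shown beside an overflow-checked form. This is an added example, not code from CUPS or from the original note. The function names, the 32-bit operand width and the `EX_MAX_IMAGE_BYTES` budget are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical byte budget for one decoded image (not a CUPS constant). */
#define EX_MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* The pattern from the report, modelled with 32-bit operands: the product
 * wraps modulo 2^32, so the result can be far smaller than the image. */
static uint32_t unchecked_size32(uint32_t xsize, uint32_t ysize, uint32_t bpp)
{
    return xsize * ysize * bpp;
}

/* Checked form: 0 on success with the size in *out, -1 if rejected. */
static int checked_image_size(uint32_t xsize, uint32_t ysize, uint32_t bpp,
                              size_t *out)
{
    uint64_t pixels;

    if (xsize == 0 || ysize == 0 || bpp == 0)
        return -1;
    pixels = (uint64_t)xsize * ysize;        /* cannot wrap in 64 bits */
    if (pixels > EX_MAX_IMAGE_BYTES / bpp)   /* test before multiplying */
        return -1;
    *out = (size_t)(pixels * bpp);
    return 0;
}

/* Allocate pixel storage; NULL means "reject the image", and the caller
 * must test for it before handing the buffer to a row decoder. */
static unsigned char *alloc_pixels(uint32_t xsize, uint32_t ysize, uint32_t bpp)
{
    size_t bytes;

    if (checked_image_size(xsize, ysize, bpp, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed dimensions: 65536 x 21846 RGB needs about 4 GiB. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size32(65536, 21846, 3));
    unsigned char *p = alloc_pixels(65536, 21846, 3);
    printf("checked:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the constructed dimensions, the unchecked product wraps to 131072 bytes while the checked path rejects the image before any allocation.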
Users who obtain CUPS from their operating system vendor should see the systems affected portion of this document for a partial list of affected vendors.
Upgrade
Versions newer than 1.3.7 available from the CUPS SVN server have applied a fix to address this issue. Users who obtain CUPS from their operating system vendor should see the systems affected portion of this document for more details.
Restrict access
Restricting access to CUPS servers by using the CUPS configuration directives, firewall rules, or access control lists may mitigate this vulnerability. By default, cupsd listens on port 631/udp. Systems that use CUPS exclusively for local printing should set the Listen directive to localhost:631 in the cupsd configuration file to prevent remote systems from exploiting this vulnerability.
218395
Updated: April 25, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 25, 2008 Updated: April 30, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See _<http://www.gentoo.org/security/en/glsa/glsa-200804-23.xml>_ for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23218395 Feedback>).
Notified: April 25, 2008 Updated: April 30, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Juniper Networks products are not susceptible to this vulnerability.
Notified: April 25, 2008 Updated: April 30, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 25, 2008 Updated: April 30, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: April 25, 2008 Updated: April 25, 2008
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This document was written by Dean Reges.
CVE IDs: | CVE-2008-1722 |
---|---|
Severity Metric: | 8.33 |
Date Public: | |