7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.059 Low
EPSS
Percentile
93.4%
Package : cups
Version : 1.4.4-7+squeeze10
CVE ID : CVE-2015-3258 CVE-2015-3279
Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups
filters, was susceptible to multiple heap-based buffer and integer overflows
due to improper handling of print jobs. This could allow remote attackers to
crash texttopdf or possibly execute arbitrary code.
For Debian 6 "Squeeze", this issue has been fixed in cups version
1.4.4-7+squeeze10. For Wheezy and Jessie, this has been fixed in the
cups-filter package. We recommend you to upgrade your cups packages.
Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | cups-client | < 1.4.4-7+squeeze10 | cups-client_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | libcupscgi1-dev | < 1.4.4-7+squeeze10 | libcupscgi1-dev_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | cupsddk | < 1.4.4-7+squeeze10 | cupsddk_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | libcupsdriver1-dev | < 1.4.4-7+squeeze10 | libcupsdriver1-dev_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | libcups2-dev | < 1.4.4-7+squeeze10 | libcups2-dev_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | libcupsmime1 | < 1.4.4-7+squeeze10 | libcupsmime1_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | libcups2 | < 1.4.4-7+squeeze10 | libcups2_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | cups-common | < 1.4.4-7+squeeze10 | cups-common_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | libcupsimage2-dev | < 1.4.4-7+squeeze10 | libcupsimage2-dev_1.4.4-7+squeeze10_all.deb |
Debian | 6 | all | libcupsimage2 | < 1.4.4-7+squeeze10 | libcupsimage2_1.4.4-7+squeeze10_all.deb |