Lucene search
Gentoo FoundationGLSA-200501-30HistoryJan 22, 2005 - 12:00 a.m.
CUPS: Stack overflow in included Xpdf code
2005-01-2200:00:00
Gentoo Foundation
security.gentoo.org
11
0.096 Low
EPSS
Percentile
94.7%
Background
The Common UNIX Printing System (CUPS) is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files.
Description
The Decrypt::makeFileKey2 function in Xpdf’s Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files (GLSA 200501-28).
Impact
This issue could be exploited by a remote attacker to execute arbitrary code by sending a malicious print job to a CUPS spooler.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-print/cups | < 1.1.23-r1 | UNKNOWN |
Related
nessus
nessus
GLSA-200501-28 : Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
2005-02-14 00:00:00
Mandrake Linux Security Advisory : koffice (MDKSA-2005:019)
2005-01-26 00:00:00
GLSA-200501-30 : CUPS: Stack overflow in included Xpdf code
2005-02-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 648-1 (xpdf)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200501-30 (CUPS)
2008-09-24 00:00:00
FreeBSD Ports: xpdf
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 648-1] New xpdf packages fix arbitrary code execution
2005-01-19 13:40:49
[SECURITY] [DSA 648-1] New xpdf packages fix arbitrary code execution
2005-01-19 00:00:00
[SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution
2005-01-19 07:45:43
redhat
redhat
(RHSA-2005:059) xpdf security update
2005-01-26 00:00:00
(RHSA-2005:049) cups security update
2005-02-01 00:00:00
(RHSA-2005:026) tetex security update
2005-03-16 00:00:00
gentoo
gentoo
KPdf, KOffice: Stack overflow in included Xpdf code
2005-01-23 00:00:00
Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
2005-01-21 00:00:00
libextractor: Multiple overflow vulnerabilities
2005-06-09 00:00:00
debiancve
debiancve
CVE-2005-0064
2005-05-02 04:00:00
osv
osv
xpdf - buffer overflow
2005-01-19 00:00:00
cupsys - buffer overflow
2005-01-19 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: cups-1.2.8-1.fc5
2007-03-14 20:14:24
altlinux
altlinux
Security fix for the ALT Linux 5 package xpdf version 3.00-alt5pl3
2005-01-19 00:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
2005-01-19 00:00:00
[ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities
2005-06-10 00:00:00
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
2005-01-26 00:00:00
freebsd
freebsd
xpdf -- makeFileKey2() buffer overflow vulnerability
2005-01-06 00:00:00
ubuntu
ubuntu
xpdf, CUPS vulnerabilities
2005-01-19 00:00:00
ubuntucve
ubuntucve
CVE-2005-0064
2005-05-02 00:00:00
cvelist
cvelist
CVE-2005-0064
2005-01-19 05:00:00
cve
cve
CVE-2005-0064
2005-05-02 04:00:00
oraclelinux
oraclelinux
kdegraphics security update
2006-11-30 00:00:00
cert
cert
mod_python vulnerable to information disclosure via crafted URL
2005-02-21 00:00:00