Advisory ROSA-SA-2021-1817

2021-07-0216:35:49

ROSA LAB

abf.rosalinux.ru

8.8 High

AI Score

Confidence

Low

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.114 Low

EPSS

Percentile

95.2%

JSON

Software: cups-filters 1.0.35
OS: Cobalt 7.9

CVE-ID: CVE-2013-6473
CVE-Crit: MEDIUM
CVE-DESC: Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 through 1.0.47 allow remote attackers to execute arbitrary code across a large (1) page or (2) lines in a URF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-6474
CVE-Crit: MEDIUM
CVE-DESC: Heap-based buffer overflow in pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code through a crafted PDF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-6476
CVE-Crit: MEDIUM
CVE-DESC: OPVPWrapper :: loadDriver feature in oprs / OPVPWrapper.cxx in pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-4336
CVE-Crit: MEDIUM
CVE-DESC: The generate_local_queue function in utils / cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the hostname. NOTE: this vulnerability exists due to an incomplete patch for CVE-2014-2707.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-2265
CVE-Crit: LOW
CVE-DESC: The remove_bad_chars function in utils / cups-browsed.c in cups-filter before 1.0.66 allows remote IPP printers to execute arbitrary commands via serial shell metacharacters in (1) model or (2) PDL. NOTE: this vulnerability exists due to an incomplete patch for CVE-2014-2707.
CVE-STATUS: default
CVE-REV: default