35 matches found
CVE-2005-3624
CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...
CVE-2002-1368
CVE-2002-1368 affects CUPS 1.1.14–1.1.17 and can be exploited remotely by sending HTTP requests with a negative Content-Length or negative chunked length, causing negative arguments to memcpy() and potentially triggering a crash or arbitrary code execution. The vulnerability arises from improper ...
CVE-2004-0889
CVE-2004-0889 involves multiple integer overflows in xpdf 3.0 and in code paths that reuse xpdf (e.g., in CUPS) that can be exploited remotely to crash the service (DoS) and potentially execute arbitrary code. The description confirms a remote impact and the possibility of code execution, tied to...
CVE-2005-0206
Technical details about CVE-2005-0206 are not provided in the connected documents. Available sources reference related issues (CVE-2004-0888) and patch notes without explicit impact, affected products, or fixes for this CVE.
CVE-2005-2874
CVE-2005-2874 affects the Common UNIX Printing System (CUPS) prior to 1.1.23, where the is_path_absolute check in scheduler/client.c can be bypassed by a crafted URL ("..\.."), leading to a denial of service via a tight CPU loop when handling HTTP requests. Public advisories (RHSA-2005:772 / CESA...
CVE-2004-1125
CVE-2004-1125 describes a buffer overflow in the Gfx::doImage function of Xpdf (xpdf/Gfx.cc) that also affects teTeX, kdegraphics (kpdf), and related code shared with xpdf. A crafted PDF can overflow the maskColors boundary, enabling denial of service or potentially arbitrary code execution on vu...
CVE-2005-3625
CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...
CVE-2005-3626
CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...
CVE-2004-0888
CVE-2004-0888 : Multiple integer overflows in xpdf (v2.0/v3.0) and in code that uses xpdf (e.g., CUPS, gpdf, kdegraphics) allow remote attackers to crash services and possibly execute arbitrary code. Some reports note 64-bit builds can exacerbate the overflow (pdftops/filter path). Remediation is...
CVE-2004-0558
The CVE-2004-0558 entry covers the Internet Printing Protocol (IPP) implementation in CUPS prior to version 1.1.21. It allows remote attackers to cause a denial of service (service hang) by sending a specific UDP packet to the IPP port. The documented impact is a partial availability degradation....
CVE-2007-5849
CVE-2007-5849 affects CUPS 1.2–1.3.4 with an integer underflow in the asn1_get_string function of the SNMP back end (backend/snmp.c). A crafted SNMP response can trigger a stack-based buffer overflow, enabling remote code execution. Public advisories (Mandriva MDVSA-2008:036, Ubuntu USN-563-1) do...
CVE-2008-1373
CVE-2008-1373 is a buffer overflow in the GIF filter (gif_read_lzw) of CUPS, allowing remote code execution via crafted GIF files. Debian's DSA-1625-1 lists CVE-2008-1373 among remote GIF filter issues and notes fixes in cupsys up to 1.2.7-4etch4 (etch) and cups 1.3.7-2 (lenny/sid). The vulnerabi...
CVE-2002-1366
CVE-2002-1366 affects Common Unix Printing System (CUPS) 1.1.14–1.1.17. It is due to race conditions related to /etc/cups/certs/ that allow local users with lp privileges to create or overwrite arbitrary files. The issue enables local privilege escalation and potential filesystem manipulation. Pu...
CVE-2002-1369
CVE-2002-1369 affects Common Unix Printing System (CUPS) 1.1.14–1.1.17, where an unsafe use of strncat while processing the options string enables a remote attacker to cause a buffer overflow and execute arbitrary code. OpenVAS and Debian security advisories (DSA-232-1/232-2) corroborate this fam...
CVE-2002-1367
CVE-2002-1367 affects Common Unix Printing System (CUPS) 1.1.14–1.1.17, allowing remote attackers to add printers without authentication via a UDP packet, enabling unauthorized actions such as stealing the local root certificate for the administration server (as demonstrated by new-coke). The Deb...
CVE-2004-1269
CVE-2004-1269 affects CUPS 1.1.22 where the lppasswd path does not remove passwd.new when a file-size resource limit is hit during writing passwd.new, causing subsequent lppasswd invocations to fail. The vulnerability is documented across multiple advisories and issue trackers related to CUPS and...
CVE-2004-1267
The CVE-2004-1267 issue is a buffer overflow in the ParseCommand function of hpgl-input.c inside hpgltops for CUPS 1.1.22, enabling remote code execution via a crafted HPGL file. Connected advisories in multiple OS families confirm the vulnerability and link it to CUPS components across environme...
CVE-2004-1268
CVE-2004-1268 concerns lppasswd in CUPS 1.1.22, where write-errors are ignored while modifying the CUPS passwd file, allowing local users to corrupt the file by exhausting the file system. The initial record notes a local-access impact (attack vector LOCAL) with partial integrity impact and no co...
CVE-2004-1270
CVE-2004-1270 affects CUPS up to 1.1.22. When lppasswd runs in environments where file descriptors 0, 1, 2 may not be open, it does not verify that passwd.new is different from STDERR, enabling a local attacker to influence output to passwd.new by triggering an error. Public references (Ubuntu US...
CVE-2001-1333
CVE-2001-1333 affects Linux CUPS prior to 1.1.6 where temporary files are not securely handled, enabling local users to overwrite files via a symlink vulnerability. The NVD data lists a local attack vector, high attack complexity, no authentication, no confidentiality impact, but partial integrit...
CVE-2002-1371
CVE-2002-1371 affects Common Unix Printing System (CUPS) versions 1.1.14 to 1.1.17. The vulnerability stems from improper handling of zero-length GIF images in filters/image-gif.c, allowing a remote attacker to execute arbitrary code via modified chunk headers (e.g., nogif). Public advisories (De...
CVE-2008-0596
CVE-2008-0596 is a memory-management flaw in CUPS (pre-1.1.22) related to removal of remote shared printers via IPP. A memory leak could lead to CUPS daemon crash or memory exhaustion after processing numerous add/remove requests. Multiple feeds (RHSA-2008:0153/0161, SL/SUSE/Mandriva advisories, ...
CVE-2004-0923
CVE-2004-0923 affects CUPS 1.1.20 and earlier, where authentication information for a device URI could be recorded in the error_log. This enables a local user to obtain usernames and passwords by reading the log. The issue is a log leakage caused by how CUPS handles device URIs with embedded cred...
CVE-2001-1332
CVE-2001-1332 affects Linux CUPS earlier than 1.1.6, where buffer overflows can allow remote code execution over the network (no authentication required; low complexity). Upstream remediation indicated as upgrading to 1.1.7 or newer (Mandrake/MK advisories reference upstream fix). If upgrading is...
CVE-2002-1383
CVE-2002-1383 corresponds to multiple integer overflows in the Common Unix Printing System (CUPS) versions 1.1.14–1.1.17. The issue allows a remote attacker to execute arbitrary code via the CUPSd HTTP interface or via the image handling code in CUPS filters. Connected advisories (e.g., Debian DS...
CVE-2004-0926
CVE-2004-0926 : A heap-based buffer overflow in Apple QuickTime’s BMP image decoding on Mac OS X 10.2.8–10.3.5 may allow remote code execution. The vulnerability is tied to QuickTime’s BMP handling; no remediation/patch information is provided in the supplied documents, and exploitation status is...
CVE-2002-1384
CVE-2002-1384 affects pdftops in Xpdf 2.01 and earlier, Xpdf-i, and CUPS pre-1.1.18. An integer overflow in a ColorSpace entry with many elements can allow a local attacker to execute arbitrary code (via cups-pdf) on the affected host. Debian OpenVAS advisories (DSA 222-1, 226-1, 232-1/2) and his...
CVE-2008-0597
CVE-2008-0597 involves a use-after-free in CUPS prior to 1.1.22 exploited by crafted UDP IPP packets, allowing a remote attacker to crash the CUPS daemon (DoS). Related issues CVE-2008-0596 and CVE-2008-0882 describe additional memory-management flaws (double-free/memory leak) that can crash or e...
CVE-2004-0924
CVE-2004-0924 affects NetInfo Manager on Mac OS X 10.3.x up to 10.3.5. After an initial root login, it reports the root account as disabled even when it has not, implying a misleading status indication. The available sources confirm the issue but do not provide concrete remediation steps or patch...
CVE-2005-2525
CVE-2005-2525 affects CUPS in Mac OS X 10.3.9 and 10.4.2, where the process fails to properly close file descriptors when handling multiple simultaneous print jobs, enabling remote denial-of-service that can halt printing. The connected Nessus plugin notes this as part of Security Update 2005-007...
CVE-2002-0063
CVE-2002-0063 affects CUPS prior to 1.1.14, where a buffer overflow in ippRead (triggered by long attribute names or language values) could allow remote arbitrary-code execution. Upstream fixes exist in 1.1.14+; debian/mandrake advisories reference this fix. Remediation: upgrade CUPS to 1.1.14 or...
CVE-2003-0788
CVE-2003-0788 affects the CUPS IPP implementation prior to 1.1.19. A bug in the IPP handling can cause a remote denial of service via inputs to the IPP port (TCP 631), creating a busy-loop that consumes CPU. Remediations are provided by vendor advisories (e.g., Red Hat RHSA-2003:275, Mandrake MDK...
CVE-2004-0927
CVE-2004-0927 affects Mac OS X ServerAdmin (versions 10.2.8–10.3.5). The issue arises from using the same example self-signed certificate across systems, enabling remote attackers to decrypt sessions. The connected documents corroborate the core vulnerability description across multiple sources (...
CVE-2005-2526
CVE-2005-2526 affects CUPS in Mac OS X 10.3.9 and 10.4.2. It allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. The available sources confirm the affected product and the vulnerability mechanism, but do not provide a...
CVE-2001-0194
CVE-2001-0194: A buffer overflow in the httpGets function of CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. The vulnerability affects CUPS 1.1.5 and is rated high severity (CVSS vector: Network, No authentication, all confidentiality/integrity/availability...