CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.018 Low (Percentile: 88.1%)

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon crash)
and possibly execute arbitrary code via a crafted TIFF image, which is not
properly handled by the (1) _cupsImageReadTIFF function in the imagetops
filter and (2) imagetoraster filter, leading to a heap-based buffer
overflow.
Author | Note |
---|---|
kees | cups/CVE-2009-0163.patch |
jdstrand | without a reproducer, AFAICS cups with libtiff should be vulnerable as libtiff doesn't error out on images with a height (ImageLength) larger than 0x3fffffff (2^30-1) |
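
The bug class named in the description, integer overflow in a size calculation followed by an undersized heap buffer, is shown below as an added example. It is not CUPS code and not the contents of the referenced patch. The function names, the `EX_MAX_BYTES` cap and the header values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap for this example (1 GiB); not a value taken from CUPS. */
#define EX_MAX_BYTES ((uint64_t)1 << 30)

/* Unchecked 32-bit size arithmetic: the product silently wraps modulo 2^32. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked version: returns 0 and stores the byte count, or -1 when a
 * dimension is zero or the pixel buffer would exceed EX_MAX_BYTES. */
static int checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    uint64_t row;

    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    row = (uint64_t)width * bpp;          /* cannot overflow 64 bits */
    if (row > EX_MAX_BYTES || height > EX_MAX_BYTES / row)
        return -1;
    *out = (size_t)(row * height);
    return 0;
}

int main(void)
{
    /* Constructed header values: height is one above 0x3fffffff. */
    uint32_t w = 4, h = 0x40000000u, bpp = 1;
    size_t n = 0;

    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    if (checked_size(w, h, bpp, &n) != 0)
        printf("checked: rejected %ux%u\n", (unsigned)w, (unsigned)h);
    if (checked_size(640, 480, 3, &n) == 0)
        printf("checked: 640x480x3 -> %zu bytes\n", n);
    return 0;
}
```

The unchecked form yields a size of 0 for the constructed dimensions, so an allocation based on it would be far smaller than the pixel data a decoder then writes; the checked form rejects the image before any allocation.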