
Bug#535489: cups: CVE-2009-0791 integer overflow vulnerabilities

Package: cups
Version: 1.3.8-1+lenny6
Severity: serious
Tags: security, patch

The following CVE (Common Vulnerabilities & Exposures) id was
published for cups.

| Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
| 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a crafted
| PDF file that triggers a heap-based buffer overflow, possibly related
| to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
| JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/.  NOTE: the
| JBIG2Stream.cxx vector may overlap CVE-2009-1179.

See the Red Hat bug for the patch [1].

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
[1] https://bugzilla.redhat.com/show_bug.cgi?id=491840
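
An added example, not part of the original report and not code from CUPS or the Red Hat patch: the bug class the CVE text names (an integer overflow in a size computation leading to an undersized heap buffer), reduced to a count-times-size allocation with the check that prevents it. The function names and the sample count/size values are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The failure mode: two counts read from a file are multiplied in 32-bit
 * arithmetic. Unsigned wrap is defined (result mod 2^32), so the "size"
 * can come out far smaller than n_objs * obj_size really is. */
uint32_t wrapped_bytes(uint32_t n_objs, uint32_t obj_size) {
    return n_objs * obj_size;
}

/* Returns 1 and stores the product only if n_objs * obj_size fits in an
 * int; returns 0 for negative counts, non-positive sizes, or overflow.
 * The division is done before the multiplication, so nothing wraps. */
int mul_fits_int(int n_objs, int obj_size, int *bytes) {
    if (n_objs < 0 || obj_size <= 0)
        return 0;
    if (n_objs > INT_MAX / obj_size)
        return 0;
    *bytes = n_objs * obj_size;
    return 1;
}

/* Hypothetical array allocator: fails closed (NULL) instead of handing
 * back a buffer smaller than the caller will later index into. */
void *checked_mallocn(int n_objs, int obj_size) {
    int bytes;
    if (!mul_fits_int(n_objs, obj_size, &bytes) || bytes == 0)
        return NULL;
    return malloc((size_t)bytes);
}

int main(void) {
    /* Constructed input: an element count as it might be parsed from a
     * crafted file, with 4-byte elements. */
    uint32_t n = 0x40000001u, sz = 4u;
    printf("unchecked size: %u bytes for %u elements\n",
           (unsigned)wrapped_bytes(n, sz), (unsigned)n);

    void *p = checked_mallocn((int)n, (int)sz);
    printf("checked allocation: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked computation the allocation request is 4 bytes while later code still loops over 0x40000001 elements, which is how the wrap turns into a heap-based buffer overflow.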
