Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-5286
Last Modified 07 Mar 2011 10:14:19
Published 01 Dec 2008 10:30:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

Vulnerable Systems

Application

  • Apple Cups 1.1.17

  • Apple Cups 1.1.18

  • Apple Cups 1.1.19

  • Apple Cups 1.1.20

  • Apple Cups 1.1.21

  • Apple Cups 1.1.22

  • Apple Cups 1.1.23

  • Apple Cups 1.2

  • Apple Cups 1.2.0

  • Apple Cups 1.2.1

  • Apple Cups 1.2.10

  • Apple Cups 1.2.11

  • Apple Cups 1.2.12

  • Apple Cups 1.2.2

  • Apple Cups 1.2.3

  • Apple Cups 1.2.4

  • Apple Cups 1.2.5

  • Apple Cups 1.2.6

  • Apple Cups 1.2.7

  • Apple Cups 1.2.8

  • Apple Cups 1.2.9

  • Apple Cups 1.3

  • Apple Cups 1.3.0

  • Apple Cups 1.3.1

  • Apple Cups 1.3.2

  • Apple Cups 1.3.3

  • Apple Cups 1.3.4

  • Apple Cups 1.3.5

  • Apple Cups 1.3.6

  • Apple Cups 1.3.7

  • Apple Cups 1.3.8

  • Apple Cups 1.3.9


References

BID - 32518

CONFIRM - http://www.cups.org/str.php?L2974

XF - cups-cupsimagereadpng-overflow(46933)

VUPEN - ADV-2008-3315

SECTRACK - 1021298

REDHAT - RHSA-2008:1028

MLIST - [oss-security] 20081201 (sort of urgent) CVE Request -- cups (repost)

MANDRIVA - MDVSA-2009:029

MANDRIVA - MDVSA-2009:028

GENTOO - GLSA-200812-11

GENTOO - GLSA-200812-01

DEBIAN - DSA-1677

CONFIRM - http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt

SECUNIA - 33568

SECUNIA - 33111

SECUNIA - 33101

SECUNIA - 32962

SUSE - SUSE-SR:2009:002


Last Updated: 27 May 2016 10:48:46