CVE-2002-1371Software Products Cups vulnerability

7 documents7 sources
Severity
7.5HIGHNVD
EPSS
5.9%
top 9.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple CupsApple MAC OS XEasy Software Products Cups
Timeline
PublishedDec 26
Latest updateApr 30

Description

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

Debianapple/cups< 1.1.18-1+3
NVDeasy_software_products/cups13 versions+12
NVDapple/mac_os_x10.2, 10.2.2+1

🔴Vulnerability Details

3
GHSA
GHSA-v85m-c74w-mhg8: filters/image-gif2022-04-30
CVEList
CVE-2002-1371: filters/image-gif2004-09-01
OSV
CVE-2002-1371: filters/image-gif2002-12-26

📋Vendor Advisories

2
Red Hat
security flaw2002-12-19
Debian
CVE-2002-1371: cups - filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...2002

💬Community

1
Bugzilla
CVE-2002-1371 security flaw2018-08-16
CVE-2002-1371 — Software Products Cups vulnerability | cvebase