CVE-2002-1384 — Software Products Cups vulnerability

7 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Xpdf Easy Software Products Cups

Timeline

PublishedJan 2

Latest updateApr 30

Description

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶Debianxpdf/xpdf< 2.01-2+3

▶Debianapple/cups< 1.1.18-1+3

▶NVDxpdf/xpdf7 versions+6

▶NVDeasy_software_products/cups13 versions+12

Patches

Patch: www.idefense.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-9542-fgmx-fggg: Integer overflow in pdftops, as used in Xpdf 2↗2022-04-30

▶

CVEList

CVE-2002-1384: Integer overflow in pdftops, as used in Xpdf 2↗2004-09-01

▶

OSV

CVE-2002-1384: Integer overflow in pdftops, as used in Xpdf 2↗2003-01-02

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-12-23

▶

Debian

CVE-2002-1384: cups - Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS ...↗2002

▶

💬Community

Bugzilla

CVE-2002-1384 security flaw↗2018-08-16

▶