CVE-2008-1373 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Products Cups

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

5.8MEDIUMNVD

CNA2.6OSV2.6

EPSS

7.5%

top 8.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Easy Software Products Cups

Timeline

PublishedApr 4

Latest updateMay 1

Description

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

CVSS vector

AV:A/AC:L/C:P/I:P/A:PExploitability: 6.5 | Impact: 6.4

Affected Packages2 packages

▶Debianapple/cups< 1.3.7-1+3

▶NVDeasy_software_products/cups1.3.6

Patches

Patch: www.cups.org ↗Patch: www.cups.org ↗

🔴Vulnerability Details

GHSA

GHSA-4gx2-wfcv-mvp8: Buffer overflow in the gif_read_lzw function in CUPS 1↗2022-05-01

▶

OSV

CVE-2008-1373: Buffer overflow in the gif_read_lzw function in CUPS 1↗2008-04-04

▶

CVEList

CVE-2008-1373: Buffer overflow in the gif_read_lzw function in CUPS 1↗2008-04-04

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2008-04-02

▶

Red Hat

cups: overflow in gif image filter↗2008-04-01

▶

Debian

CVE-2008-1373: cups - Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attacke...↗2008

▶

💬Community

Bugzilla

CVE-2009-1376 CVE-2009-1373 CVE-2009-1374 CVE-2009-1375 Multiple pidgin vulnerabilities↗2009-05-26

▶

Bugzilla

CVE-2008-1373 cups: overflow in gif image filter↗2008-03-20

▶