CVE-2008-1722 — Improper Input Validation in Cups

CWE-20 — Improper Input Validation CWE-190 — Integer Overflow or Wraparound11 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

4.2%

top 11.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Cups

Timeline

PublishedApr 10

Latest updateMay 1

Description

Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianapple/cups< 1.3.7-2+3

▶NVDcups/cups1.3

Patches

Patch: www.cups.org ↗Patch: www.cups.org ↗

🔴Vulnerability Details

GHSA

GHSA-v23p-4xpj-h834: Multiple integer overflows in (1) filter/image-png↗2022-05-01

▶

OSV

CVE-2008-1722: Multiple integer overflows in (1) filter/image-png↗2008-04-10

▶

CVEList

CVE-2008-1722: Multiple integer overflows in (1) filter/image-png↗2008-04-10

▶

📋Vendor Advisories

Red Hat

cups: Incomplete fix for CVE-2008-1722↗2008-10-16

▶

Ubuntu

CUPS vulnerabilities↗2008-10-15

▶

Ubuntu

CUPS vulnerability↗2008-05-05

▶

Red Hat

cups: integer overflow in the image filter↗2008-04-08

▶

Debian

CVE-2008-1722: cups - Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c...↗2008

▶

💬Community

Bugzilla

CVE-2008-5286 cups: Incomplete fix for CVE-2008-1722↗2008-12-01

▶

Bugzilla

CVE-2008-1722 cups: integer overflow in the image filter↗2008-04-09

▶