CVE-2008-3639Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Cups

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow8 documents8 sources
Severity
7.5HIGHNVD
EPSS
8.0%
top 7.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Cups
Timeline
PublishedOct 14
Latest updateMay 2

Description

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianapple/cups< 1.3.8-1lenny2+3
NVDapple/cups1.3.8+54

🔴Vulnerability Details

3
GHSA
GHSA-phmm-796g-q6c9: Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 12022-05-02
OSV
CVE-2008-3639: Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 12008-10-14
CVEList
CVE-2008-3639: Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 12008-10-14

📋Vendor Advisories

3
Ubuntu
CUPS vulnerabilities2008-10-15
Red Hat
CUPS: SGI image parser heap-based buffer overflow2008-10-09
Debian
CVE-2008-3639: cups - Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS befor...2008

💬Community

1
Bugzilla
CVE-2008-3639 CUPS: SGI image parser heap-based buffer overflow2008-09-30
CVE-2008-3639 — Apple Cups vulnerability | cvebase