CVE-2008-3640 — Integer Overflow or Wraparound in Apple Cups

CWE-189 CWE-190 — Integer Overflow or Wraparound9 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

9.0%

top 7.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups

Timeline

PublishedOct 14

Latest updateMay 2

Description

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianapple/cups< 1.3.8-1lenny2+3

▶NVDapple/cups1.3.8+54

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-45qx-8jq2-whqw: Integer overflow in the WriteProlog function in texttops in CUPS before 1↗2022-05-02

▶

CVEList

CVE-2008-3640: Integer overflow in the WriteProlog function in texttops in CUPS before 1↗2008-10-14

▶

OSV

CVE-2008-3640: Integer overflow in the WriteProlog function in texttops in CUPS before 1↗2008-10-14

▶

📋Vendor Advisories

Red Hat

cups-CVE-2008-3640.patch has been corrupted.↗2009-02-17

▶

Ubuntu

CUPS vulnerabilities↗2008-10-15

▶

Red Hat

CUPS: texttops integer overflow↗2008-10-09

▶

Debian

CVE-2008-3640: cups - Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 al...↗2008

▶

💬Community

Bugzilla

CVE-2008-3640 CUPS: texttops integer overflow↗2008-09-30

▶