Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3641 — Apple Cups vulnerability

CWE-3999 documents9 sources

Severity

10.0CRITICALNVD

EPSS

55.2%

top 1.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Cups

Timeline

PublishedOct 10

Latest updateMay 2

Description

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianapple/cups< 1.3.8-1lenny2+3

▶NVDapple/cups1.3.8+54

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6fwg-7777-r73j: The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1↗2022-05-02

▶

CVEList

CVE-2008-3641: The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1↗2008-10-10

▶

OSV

CVE-2008-3641: The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1↗2008-10-10

▶

💥Exploits & PoCs

Exploit-DB

CUPS 1.3.7 - 'HP-GL/2' Filter Remote Code Execution↗2008-10-09

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2008-10-15

▶

Red Hat

CUPS: HP/GL reader insufficient bounds checking↗2008-10-09

▶

Debian

CVE-2008-3641: cups - The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows ...↗2008

▶

💬Community

Bugzilla

CVE-2008-3641 CUPS: HP/GL reader insufficient bounds checking↗2008-09-30

▶