CVE-2009-0163

CWE-189CWE-190Integer Overflow8 documents8 sources
Severity
6.8MEDIUM
EPSS
5.0%
top 10.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Cups
Timeline
PublishedApr 23
Latest updateMay 2

Description

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debiancups< 1.3.10-1+3
NVDapple/cups1.3.9+55

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-5x2p-gch7-phhj: Integer overflow in the TIFF image decoding routines in CUPS 12022-05-02
CVEList
CVE-2009-0163: Integer overflow in the TIFF image decoding routines in CUPS 12009-04-23
OSV
CVE-2009-0163: Integer overflow in the TIFF image decoding routines in CUPS 12009-04-23

📋Vendor Advisories

3
Red Hat
cups: Integer overflow in the TIFF image filter2009-04-16
Ubuntu
CUPS vulnerability2009-04-16
Debian
CVE-2009-0163: cups - Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier a...2009

💬Community

1
Bugzilla
CVE-2009-0163 cups: Integer overflow in the TIFF image filter2009-03-17
CVE-2009-0163 (MEDIUM CVSS 6.8) | Integer overflow in the TIFF image | cvebase.io