CVE-2009-0577Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Cups

4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
3.1%
top 13.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Cups
Timeline
PublishedFeb 20
Latest updateMay 2

Description

Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapple/cups1.1.17

Patches

Patch: www.redhat.comPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-cjcq-j2gf-3gvx: Integer overflow in the WriteProlog function in texttops in CUPS 12022-05-02
CVEList
CVE-2009-0577: Integer overflow in the WriteProlog function in texttops in CUPS 12009-02-20

📋Vendor Advisories

1
Red Hat
cups-CVE-2008-3640.patch has been corrupted.2009-02-17
CVE-2009-0577 — Apple Cups vulnerability | cvebase