CVE-2010-5325 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Foomatic-filters

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131 — Incorrect Calculation of Buffer Size CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

9.8CRITICALNVD

EPSS

6.3%

top 9.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foomatic-filters Linuxfoundation Foomatic-filters Oracle Linux +6 more

Timeline

PublishedApr 15

Latest updateMay 13

Description

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶Debianfoomatic-filters/foomatic-filters< 4.0.5-6+3

▶NVDlinuxfoundation/foomatic-filters4.0.5

▶NVDoracle/linux6

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Enterprise Linux 6.0, 6.7.z

Patches

Patch: bzr.linuxfoundation.org ↗Patch: bzr.linuxfoundation.org ↗

🔴Vulnerability Details

GHSA

GHSA-f3f5-3w2j-q3qx: Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4↗2022-05-13

▶

OSV

CVE-2010-5325: Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4↗2016-04-15

▶

CVEList

CVE-2010-5325: Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4↗2016-04-15

▶

📋Vendor Advisories

Red Hat

foomatic: potential remote arbitrary code execution↗2015-05-05

▶

Debian

CVE-2010-5325: cups-filters - Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic...↗2010

▶

💬Community

Bugzilla

CVE-2010-5325 foomatic: potential remote arbitrary code execution↗2015-05-04

▶