CVE-2013-6473
Published: 2014-03-14
Priority P336, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.43% (87.4th percentile)
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | cups-filters | < cups-filters 1.0.47-1 (bookworm) | cups-filters 1.0.47-1 (bookworm) |
| linuxfoundation | cups-filters | — | — |
| linuxfoundation | cups-filters | >= 0 < 1.0.47-1 | 1.0.47-1 |
CVSS provenance
nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 MEDIUM
vendor_debian: 6.8 MEDIUM
vendor_ubuntu: 6.8 MEDIUM
GHSA
GHSA-8gv8-v2jg-r2xw
ghsa_unreviewed · 2022-05-17 · CVE-2013-6473 [MEDIUM] CWE-119
OSV
CVE-2013-6473
osv · 2014-03-14 · CVSS 6.8 · [MEDIUM]
Ubuntu
Title: cups-filters vulnerabilities
vendor_ubuntu · 2014-03-12 · CVSS 6.8 · CVE-2013-6473 [MEDIUM]
Summary: cups-filters could be made to run programs as the lp user if it processed a
specially crafted file.
Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. This issue only
affected Ubuntu 13.10. (CVE-2013-6473)
Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. (CVE-2013-6474,
CVE-2013-6475)
Florian Weimer discovered that cups-filters did not restrict driver
directories in the pdftoopvp filter. An attacker could possibly use this
issue to execute arbit
Debian
CVE-2013-6473 [MEDIUM]: cups-filters
vendor_debian · 2013 · CVSS 6.8
Scope: local
bookworm: resolved (fixed in 1.0.47-1)
bullseye: resolved (fixed in 1.0.47-1)
forky: resolved (fixed in 1.0.47-1)
sid: resolved (fixed in 1.0.47-1)
trixie: resolved (fixed in 1.0.47-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-6473 CVE-2013-6476 CVE-2013-6474 CVE-2013-6475 cups-filters: various flaws [fedora-all]
bugzilla · 2014-03-11 · CVSS 6.8 · [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please n
Bugzilla
CVE-2013-6473 cups-filters: two heap-based buffer overflow flaws in urftopdf
bugzilla · 2013-11-07 · CVSS 6.8 · [MEDIUM]
Two heap-based buffer overflow flaws were found in the urftopdf filter. If a malicious URF file were processed, it could lead to arbitrary code execution with the privileges of the "lp" user.
Acknowledgements:
These issues were discovered by Florian Weimer of the Red Hat Product Security Team.
Discussion:
Public via:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
This issue has been resolved in upstream cups-filters-1.0.47
---
Created cups-filters tracking bugs for this issue:
Affects: fedora-all [bug 1074840]
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
http://www.securityfocus.com/bid/66601
http://www.ubuntu.com/usn/USN-2143-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333
https://bugzilla.redhat.com/show_bug.cgi?id=1027547
Published: 2014-03-14