CVE-2013-6475 — Heap-based Buffer Overflow in Cups-filters

CWE-189 CWE-122 — Heap-based Buffer Overflow10 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

20.7%

top 4.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Linuxfoundation Cups-filters Canonical Ubuntu Linux

Timeline

PublishedMar 14

Latest updateMay 17

Description

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debianlinuxfoundation/cups-filters< 1.0.47-1+3

▶NVDlinuxfoundation/cups-filters1.0.46+46

▶Debianapple/cups< 1.5.0-16+3

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10

Patches

Patch: bzr.linuxfoundation.org ↗Patch: bzr.linuxfoundation.org ↗

🔴Vulnerability Details

GHSA

GHSA-2j38-xhmg-c3g9: Multiple integer overflows in (1) OPVPOutputDev↗2022-05-17

▶

OSV

CVE-2013-6475: Multiple integer overflows in (1) OPVPOutputDev↗2014-03-14

▶

CVEList

CVE-2013-6475: Multiple integer overflows in (1) OPVPOutputDev↗2014-03-14

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2014-03-12

▶

Ubuntu

cups-filters vulnerabilities↗2014-03-12

▶

Red Hat

cups-filters: possible heap-based buffer overflows due to the use of gmalloc↗2014-03-11

▶

Debian

CVE-2013-6475: cups - Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx ...↗2013

▶

💬Community

Bugzilla

CVE-2013-6473 CVE-2013-6476 CVE-2013-6474 CVE-2013-6475 cups-filters: various flaws [fedora-all]↗2014-03-11

▶

Bugzilla

CVE-2013-6475 cups-filters: possible heap-based buffer overflows due to the use of gmalloc↗2013-11-07

▶