CVE-2013-6476 — Cups-filters vulnerability

CWE-2649 documents7 sources

Severity

4.4MEDIUMNVD

EPSS

0.3%

top 47.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Linuxfoundation Cups-filters Canonical Ubuntu Linux

Timeline

PublishedMar 14

Latest updateMay 17

Description

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

▶Debianlinuxfoundation/cups-filters< 1.0.47-1+3

▶NVDlinuxfoundation/cups-filters1.0.46+46

▶Debianapple/cups< 1.5.0-16+3

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10

Patches

Patch: bzr.linuxfoundation.org ↗Patch: bzr.linuxfoundation.org ↗

🔴Vulnerability Details

GHSA

GHSA-h8wh-mfrq-x89f: The OPVPWrapper::loadDriver function in oprs/OPVPWrapper↗2022-05-17

▶

CVEList

CVE-2013-6476: The OPVPWrapper::loadDriver function in oprs/OPVPWrapper↗2014-03-14

▶

OSV

CVE-2013-6476: The OPVPWrapper::loadDriver function in oprs/OPVPWrapper↗2014-03-14

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2014-03-12

▶

Ubuntu

cups-filters vulnerabilities↗2014-03-12

▶

Debian

CVE-2013-6476: cups - The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp fi...↗2013

▶

💬Community

Bugzilla

CVE-2013-6473 CVE-2013-6476 CVE-2013-6474 CVE-2013-6475 cups-filters: various flaws [fedora-all]↗2014-03-11

▶

Bugzilla

CVE-2013-6476 cups-filters: pdftoopvp could load drivers from an attacker-controlled directory↗2013-11-07

▶