CVE-2015-3258Improper Restriction of Operations within the Bounds of a Memory Buffer in Cups-filters

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write9 documents8 sources
Severity
7.5HIGHNVD
EPSS
37.1%
top 2.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple CupsLinuxfoundation Cups-filtersCanonical Ubuntu Linux+1 more
Timeline
PublishedJul 14
Latest updateMay 17

Description

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

Debianlinuxfoundation/cups-filters< 1.0.70-1+3
Ubuntulinuxfoundation/cups-filters< 1.0.52-0ubuntu1.5
Debianapple/cups< 1.5.0-16+3

Also affects: Debian Linux 7.1, 8.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

4
GHSA
GHSA-r69p-hhx7-vvhc: Heap-based buffer overflow in the WriteProlog function in filter/texttopdf2022-05-17
CVEList
CVE-2015-3258: Heap-based buffer overflow in the WriteProlog function in filter/texttopdf2015-07-14
OSV
CVE-2015-3258: Heap-based buffer overflow in the WriteProlog function in filter/texttopdf2015-07-14
OSV
cups-filters vulnerabilities2015-07-06

📋Vendor Advisories

3
Ubuntu
cups-filters vulnerabilities2015-07-06
Red Hat
cups-filters: texttopdf heap-based buffer overflow2015-06-26
Debian
CVE-2015-3258: cups - Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in ...2015

💬Community

1
Bugzilla
CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow2015-06-24
CVE-2015-3258 — Cups-filters vulnerability | cvebase