CVE-2015-3279 — Integer Overflow or Wraparound in Cups-filters

CWE-189 CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow9 documents8 sources

Severity

7.5HIGHNVD

EPSS

34.5%

top 3.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Linuxfoundation Cups-filters Canonical Ubuntu Linux +1 more

Timeline

PublishedJul 14

Latest updateMay 17

Description

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶Debianlinuxfoundation/cups-filters< 1.0.71-1+3

▶Ubuntulinuxfoundation/cups-filters< 1.0.52-0ubuntu1.5

▶NVDlinuxfoundation/cups-filters1.0.70

▶Debianapple/cups< 1.5.0-16+3

Also affects: Debian Linux 7.1, 8.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

GHSA

GHSA-m849-v2w8-6c9x: Integer overflow in filter/texttopdf↗2022-05-17

▶

OSV

CVE-2015-3279: Integer overflow in filter/texttopdf↗2015-07-14

▶

CVEList

CVE-2015-3279: Integer overflow in filter/texttopdf↗2015-07-14

▶

OSV

cups-filters vulnerabilities↗2015-07-06

▶

📋Vendor Advisories

Ubuntu

cups-filters vulnerabilities↗2015-07-06

▶

Red Hat

cups-filters: texttopdf integer overflow↗2015-07-02

▶

Debian

CVE-2015-3279: cups - Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.7...↗2015

▶

💬Community

Bugzilla

CVE-2015-3279 cups-filters: texttopdf integer overflow↗2015-07-03

▶