Apple Cups vulnerabilities

CVE-2009-0195 [MEDIUM] CWE-119 CVE-2009-0195: Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, all Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

CVE-2009-1180 [MEDIUM] CWE-399 CVE-2009-1180: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and ot The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

CVE-2009-0166 [MEDIUM] CWE-399 CVE-2009-0166: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows rem The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

CVE-2009-0146 [MEDIUM] CWE-119 CVE-2009-0146: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

CVE-2009-0163 [MEDIUM] CWE-189 CVE-2009-0163: Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attacke Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-bas

CVE-2009-1179 [MEDIUM] CWE-189 CVE-2009-1179: Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler b Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2009-1181 [MEDIUM] CWE-399 CVE-2009-1181: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and ot The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

CVE-2009-0800 [MEDIUM] CWE-20 CVE-2009-0800: Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and e Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2009-0147 [MEDIUM] CWE-189 CVE-2009-0147: Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

CVE-2009-0799 [MEDIUM] CWE-119 CVE-2009-0799: The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and ot The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

CVE-2009-0577 [MEDIUM] CVE-2009-0577: Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640.

CVE-2008-5377 [MEDIUM] CVE-2008-5377: pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /t pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

CVE-2008-5286 [HIGH] CWE-189 CVE-2008-5286: Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attack Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

CVE-2008-5184 [CRITICAL] CWE-255 CVE-2008-5184: The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

CVE-2008-5183 [HIGH] CWE-476 CVE-2008-5183: cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

CVE-2008-3639 [HIGH] CWE-119 CVE-2008-3639: Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remot Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

CVE-2008-3640 [MEDIUM] CWE-189 CVE-2008-3640: Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attacker Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

CVE-2008-3641 [CRITICAL] CWE-399 CVE-2008-3641: The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

CVE-2008-1033 [LOW] CVE-2008-1033: The scheduler in CUPS in Apple Mac OS X 10 The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

CVE-2008-1722 [MEDIUM] CVE-2008-1722: Multiple integer overflows in (1) filter/image-png Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.