Apple Cups vulnerabilities

CVE-2008-1374 [MEDIUM] CVE-2008-1374: Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-b Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.

CVE-2008-1373 [LOW] CVE-2008-1373: Buffer overflow in the gif_read_lzw function in CUPS 1 Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

CVE-2008-0047 [CRITICAL] CVE-2008-0047: Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1 Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

CVE-2008-0053 [CRITICAL] CWE-119 CVE-2008-0053: Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remot Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.

CVE-2008-0882 [CRITICAL] CVE-2008-0882: Double free vulnerability in the process_browse_data function in CUPS 1 Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.

CVE-2007-5849 [CRITICAL] CVE-2007-5849: Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

CVE-2007-5848 [HIGH] CVE-2007-5848: Buffer overflow in CUPS in Apple Mac OS X 10 Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.

CVE-2007-6358 [MEDIUM] CVE-2007-6358: pdftops pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.

CVE-2007-5393 [CRITICAL] CVE-2007-5393: Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.

CVE-2007-5392 [CRITICAL] CVE-2007-5392: Integer overflow in the DCTStream::reset method in xpdf/Stream Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

CVE-2007-4352 [HIGH] CVE-2007-4352: Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

CVE-2007-4351 [CRITICAL] CVE-2007-4351: Off-by-one error in the ippReadIO function in cups/ipp Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

CVE-2007-3387 [MEDIUM] CWE-190 CVE-2007-3387: Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppl Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredict

CVE-2007-4045 [MEDIUM] CVE-2007-4045: The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.

CVE-2007-0720 [MEDIUM] CVE-2007-0720: The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.

CVE-2005-3625 [CRITICAL] CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVE-2005-4873 [HIGH] CVE-2005-4873: Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1 Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c.

CVE-2005-3628 [HIGH] CVE-2005-3628: Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

CVE-2005-3627 [HIGH] CVE-2005-3627: Stream Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of

CVE-2005-3624 [MEDIUM] CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.