Debian Cups vulnerabilities

CVE-2010-1748 [MEDIUM] CVE-2010-1748: cups - The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS... The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information fro

CVE-2010-0540 [MEDIUM] CVE-2010-0540: cups - Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS bef... Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. Scope: local bookworm: resolved (fixed in 1.4.4-1) bullseye: resolved (fixed in 1.4.4-1) f

CVE-2010-2431 [LOW] CVE-2010-2431: cups - The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group... The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. Scope: local bookworm: resolved (fixed in 1.4.4-1) bullseye: resolved (fixed in 1.4.4-1) forky: resolved (fixed in 1.4.4-1) sid: resolved (fixed in 1.4.

CVE-2009-0949 [HIGH] CVE-2009-0949: cups - The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not pro... The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. Scope: local bookworm: resolved (fixed in 1.3.10-1) bullseye: resolved

CVE-2009-0791 [MEDIUM] CVE-2009-0791: cups - Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the p... Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2)

CVE-2009-0163 [MEDIUM] CVE-2009-0163: cups - Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier a... Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow

CVE-2009-1196 [MEDIUM] CVE-2009-1196: cups - The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 ... The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." Scope: local bookworm: resolved (fixed in 1.1.99.b1.r4748-1) bullseye: resolved (fixed in 1.1.99.b1.r4748

CVE-2009-0147 [MEDIUM] CVE-2009-0147: cups - Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUP... Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Scope: local bookworm: resolved bullseye: re

CVE-2009-2820 [MEDIUM] CVE-2009-2820: cups - The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 ... The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print s

CVE-2009-0166 [MEDIUM] CVE-2009-0166: cups - The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other... The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2009-0164 [MEDIUM] CVE-2009-0164: cups - The web interface for CUPS before 1.3.10 does not validate the HTTP Host header ... The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. Scope: local bookworm: resolved (fixed in 1.3.10-1) bullseye: resolved (fixed in 1.3.10-1) forky: resolved (fixed in 1.3.10-1) sid: resolved (fixed in 1.3.10-1) trixie: resolved (fixed in 1.3.1

CVE-2009-2807 [HIGH] CVE-2009-2807: cups - Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 a... Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2009-3553 [HIGH] CVE-2009-3553: cups - Use-after-free vulnerability in the abstract file-descriptor handling interface ... Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a ref

CVE-2009-0146 [MEDIUM] CVE-2009-0146: cups - Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS... Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixi

CVE-2008-5184 [CRITICAL] CVE-2008-5184: cups - The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username... The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. Scope: local bookworm: resolved (fixed in 1.3.8-1) bullseye: resolved (fixed in 1.3.8-1

CVE-2008-0053 [CRITICAL] CVE-2008-0053: cups - Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3... Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. Scope: local bookworm: resolved (fixed in 1.3.6-1) bullseye: resolved (fixed in 1.3.6-1) forky: resolved (fixed in 1.3.6-1) sid: resolved (fixed in 1.3.6-1) trixie: resolved (fixed in 1.3.6-1)

CVE-2008-5286 [HIGH] CVE-2008-5286: cups - Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 ... Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. Scope: local bookworm: resolved (fixed in 1.3.8-1lenny4) bullseye: resolved (fixed in 1.3.8-1lenny4) forky: resolved (fixed in 1.3.8-1

CVE-2008-3641 [CRITICAL] CVE-2008-3641: cups - The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows ... The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. Scope: local bookworm: resolved (fixed in 1.3.8-1lenny2) bullseye: resolved (fixed in 1.3.8-1lenny2) forky: resolved (fixed in 1.3.8-1lenny2) sid: resolved (fixed in 1.3

CVE-2008-1373 [LOW] CVE-2008-1373: cups - Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attacke... Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. Scope: local bookworm: resolved (fixed in 1.3.7-1) bullseye: resolved (fixed in 1.3.7-1) forky: resolved (fixed in 1.3.7-1) sid: resolved (fixed in 1.3.7-1) trixie: resolved (fixed in 1.

CVE-2008-0882 [CRITICAL] CVE-2008-0882: cups - Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allo... Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information