Debian Cups vulnerabilities
133 known vulnerabilities affecting debian/cups.
Total CVEs: 133
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 27, MEDIUM 56, LOW 37
Vulnerabilities
Page 5 of 7
CVE-2008-3640 | MEDIUM | CVSS 6.8 | fixed in cups 1.3.8-1lenny2 (bookworm) | 2008
CVE-2008-3640 [MEDIUM]: cups
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.3.8-1lenny2)
bullseye: resolved (fixed in 1.3.8-1lenny2)
forky: resolved (fixed in 1.3.8-1lenny2)
sid: resolved (fixed in 1.3
debian
CVE-2008-1722 | MEDIUM | CVSS 4.3 | fixed in cups 1.3.7-2 (bookworm) | 2008
CVE-2008-1722 [MEDIUM]: cups
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.
Scope: local
bookworm: resolved (fixed in 1.3.7-2)
bullseye: resolved (fixed in 1.3.7-2)
forky: resolved (fixed in 1.3.7-2)
sid: resolved (fixed in 1.3.7
debian
CVE-2008-3639 | MEDIUM | CVSS 7.5 | fixed in cups 1.3.8-1lenny2 (bookworm) | 2008
CVE-2008-3639 [HIGH]: cups
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
Scope: local
bookworm: resolved (fixed in 1.3.8-1lenny2)
bullseye: resolved (fixed in 1.3.8-1lenny2)
forky: resolved (fixed i
debian
CVE-2008-0047 | MEDIUM | CVSS 9.3 | fixed in cups 1.3.6-3 (bookworm) | 2008
CVE-2008-0047 [CRITICAL]: cups
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
Scope: local
bookworm: resolved (fixed in 1.3.6-3)
bullseye: resolved (fixed in 1.3.6-3)
forky: resolv
debian
CVE-2008-0596 | LOW | CVSS 5.0 | 2008
CVE-2008-0596 [MEDIUM]: cups
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2008-1374 | LOW | CVSS 10.0 | 2008
CVE-2008-1374 [CRITICAL]: cups
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2008-0597 | LOW | CVSS 5.0 | 2008
CVE-2008-0597 [MEDIUM]: cups
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2008-5377 | LOW | CVSS 1.2 | PoC | fixed in cups 1.3.8-1lenny1 (bookworm) | 2008
CVE-2008-5377 [LOW]: cups
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Scope: local
bookworm: resolved (fixed in 1.3.8-1lenny1)
bullseye: resolved (fixed in 1.3.8-1lenny1)
forky: resolved (fixed in 1.3.8-1lenny1)
sid: resolved (fixed in 1.3.8-1lenny1)
trixie: resolved
debian
CVE-2008-5183 | LOW | CVSS 7.5 | PoC | fixed in cups 1.3.9-13 (bookworm) | 2008
CVE-2008-5183 [HIGH]: cups
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
Scope: local
bookworm: resolved (fixed in 1.3.9-13)
bullseye: resolved (fixed in 1.3
debian
CVE-2008-1033 | LOW | CVSS 2.1 | fixed in cups 1.3.7-1 (bookworm) | 2008
CVE-2008-1033 [LOW]: cups
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."
Scope: local
bookworm: resolved (fixed in 1.3.7-1)
bullseye: resolved (fixed in 1.3.7-1)
forky: resolved (fixe
debian
CVE-2007-5392 | CRITICAL | CVSS 9.3 | fixed in cups 1.1.22-7 (bookworm) | 2007
CVE-2007-5392 [CRITICAL]: cups
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02pl1 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.1.22-7)
bullseye: resolved (fixed in 1.1.22-7)
forky: resolved (fixed in 1.1.22-7)
sid: resolved (fixed in 1.1.22-7)
trixie: r
debian
CVE-2007-5393 | CRITICAL | CVSS 9.3 | fixed in cups 1.1.22-7 (bookworm) | 2007
CVE-2007-5393 [CRITICAL]: cups
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02pl1 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Scope: local
bookworm: resolved (fixed in 1.1.22-7)
bullseye: resolved (fixed in 1.1.22-7)
forky: resolved (fixed in 1.1.22-7)
sid: resolved (fixed in 1.1.22
debian
CVE-2007-5848 | HIGH | CVSS 7.2 | fixed in cups 1.2.0 (bookworm) | 2007
CVE-2007-5848 [HIGH]: cups
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
Scope: local
bookworm: resolved (fixed in 1.2.0)
bullseye: resolved (fixed in 1.2.0)
forky: resolved (fixed in 1.2.0)
sid: resolved (fixed in 1.2.0)
trixie: resolved (fixed in 1.2.0)
debian
CVE-2007-4352 | HIGH | CVSS 7.6 | fixed in cups 1.1.22-7 (bookworm) | 2007
CVE-2007-4352 [HIGH]: cups
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 1.1.22-7)
bullseye: resolved (fixed in 1.1.22-7)
forky: re
debian
CVE-2007-4351 | MEDIUM | CVSS 10.0 | fixed in cups 1.3.4-1 (bookworm) | 2007
CVE-2007-4351 [CRITICAL]: cups
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.3.4-1)
bullseye: resolved (fixed in 1.3.4-1)
forky: re
debian
CVE-2007-4045 | MEDIUM | CVSS 5.0 | fixed in cups 1.2 (bookworm) | 2007
CVE-2007-4045 [MEDIUM]: cups
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
Scope: local
bookworm: resolved (fixed in 1.2)
bullseye: resolved (fixed in 1.2)
forky
debian
CVE-2007-5849 | MEDIUM | CVSS 9.3 | PoC | fixed in cups 1.3.5-1 (bookworm) | 2007
CVE-2007-5849 [CRITICAL]: cups
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.3.5-1)
bullseye: resolved (fixed in 1.3.5-1)
forky: resolved (fixed in 1.3.5-1)
sid: re
debian
CVE-2007-6358 | LOW | CVSS 4.9 | fixed in cups 1.3.5-1 (bookworm) | 2007
CVE-2007-6358 [MEDIUM]: cups
pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.
Scope: local
bookworm: resolved (fixed in 1.3.5-1)
bullseye: resolved (fixed in 1.3.5-1)
forky: resolved (fixed
debian
CVE-2007-3387 | LOW | CVSS 6.8 | fixed in libextractor 0.5.12-1 (bookworm) | 2007
CVE-2007-3387 [MEDIUM]: cups
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine fu
debian
CVE-2007-0720 | LOW | CVSS 5.0 | fixed in cups 1.2.7-1 (bookworm) | 2007
CVE-2007-0720 [MEDIUM]: cups
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
Scope: local
bookworm: resolved (fixed in 1.2.7-1)
bullseye: resolved (fixed in 1.2.7-1)
forky: resolved (fixed in 1.2.7-1)
sid: resolved (fixed in 1.2.7-1)
trixie: res
debian