CVE-2008-3639

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 1.3.9

Description The issue concerns multiple vulnerabilities in the CUPS package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in the read rle16 function in imagetops allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

Recommendations For versions prior to 1.3.9, update to version 1.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the imagetops function to minimize the risk of exploitation. Avoid using the read rle16 function with untrusted SGI images until the issue is resolved.