PT-2008-1101 · Apple · Cups

Iankko · Published 2008-12-01 · Updated 2017-09-29 · CVE-2008-5286

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: CUPS versions 1.1.17 through 1.3.9

Description: The issue concerns multiple vulnerabilities in the CUPS package that can be exploited remotely, potentially leading to breaches in the confidentiality, integrity, and availability of protected information. Specifically, an integer overflow in the cupsImageReadPNG function allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses the validation checks and triggers a buffer overflow.

Recommendations: For CUPS versions 1.1.17 through 1.3.9, update to a version newer than 1.3.9 to resolve the issue. As a temporary workaround, consider restricting the use of PNG images or disabling the cupsImageReadPNG function until a patch is available. Avoid using the height variable in the affected CUPS function to minimize the risk of exploitation.
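As an added illustration, not CUPS source code, the following shows the size-calculation pattern behind this class of bug next to an overflow-safe check: a height field large enough to wrap a 32-bit width × height product passes a simple non-zero check while the real row data is gigabytes. The PNG header bytes, the MAX_DIM limit and every function name here are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed PNG signature + IHDR chunk (CRC omitted): width 1024,
 * height 0x400001, bit depth 8, greyscale. Test data, not a real file. */
static const unsigned char CONSTRUCTED_PNG_HDR[] = {
    0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,   /* signature */
    0x00, 0x00, 0x00, 0x0D, 'I', 'H', 'D', 'R',    /* length 13, chunk type */
    0x00, 0x00, 0x04, 0x00,                        /* width  = 1024 */
    0x00, 0x40, 0x00, 0x01,                        /* height = 4194305 */
    0x08, 0x00, 0x00, 0x00, 0x00                   /* depth, colour, comp, filter, interlace */
};

/* Big-endian 32-bit field reader; IHDR width sits at offset 16, height at 20. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
uint32_t ihdr_width(const unsigned char *png)  { return be32(png + 16); }
uint32_t ihdr_height(const unsigned char *png) { return be32(png + 20); }

/* Vulnerable pattern (illustrative): the buffer size is computed in 32-bit
 * arithmetic, so a large height wraps the product to a small value. A
 * "size != 0" style check passes, a far-too-small buffer is allocated, and
 * decoding the image rows into it then overflows the heap. */
uint32_t naive_buffer_size(uint32_t width, uint32_t height, uint32_t channels) {
    uint32_t bufsize = width * height * channels;   /* wraps modulo 2^32 */
    return bufsize;                                  /* caller only rejects 0 */
}

/* What the decoder would actually write, computed without wrapping. */
uint64_t true_buffer_size(uint32_t width, uint32_t height, uint32_t channels) {
    return (uint64_t)width * height * channels;
}

/* Hardened pattern: bound each dimension before multiplying, then guard the
 * product so it cannot wrap on any platform. MAX_DIM is an assumed limit. */
#define MAX_DIM 0x7FFFu
long long safe_buffer_size(uint32_t width, uint32_t height, uint32_t channels) {
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM) return -1;
    if (channels < 1 || channels > 4) return -1;
    size_t row = (size_t)width * channels;          /* < 2^17, cannot wrap */
    if (height > SIZE_MAX / row) return -1;          /* product would wrap */
    return (long long)(row * height);
}
```

For the constructed header the naive size wraps to 1024 bytes while the true size is just over 4 GiB; the hardened check rejects the image on its height alone.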

Tags: Fix · RCE · Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-09353
CVE-2008-5286
DSA-1677-1
RHSA-2008:1028

Affected Products

Cups