Elias Pipping

Name of the Vulnerable Software and Affected Versions: CUPS versions 1.2 through 1.3.4 cups prior to version 1.3.5 Description: The issue is related to an integer underflow in the asn1 get string function in the SNMP back end, which can be exploited by remote attackers to execute arbitrary code via a crafted SNMP response, triggering a stack-based buffer overflow. Multiple vulnerabilities in the cups package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely. Recommendations: For CUPS versions 1.2 through 1.3.4, update to version 1.3.5 or later to resolve the issue. For cups prior to version 1.3.5, update to version 1.3.5 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: pdftops.pl versions prior to 1.20 cups versions prior to 1.3.5 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file created when pdftops reads a PDF file from stdin. Additionally, multiple vulnerabilities in the cups package can lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. Recommendations: For pdftops.pl versions prior to 1.20, update to version 1.20 or later to resolve the issue. For cups versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue.