PT-2008-1012 · Apple+1 · Cups+1

Tomas Hoger · Published 2008-03-18 · Updated 2018-10-11 · CVE-2008-1373

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

CUPS versions prior to 1.2.12-r7
CUPS version 1.3.6

Description

The issue involves multiple vulnerabilities in the CUPS package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A buffer overflow exists in the gif_read_lzw function, which allows remote attackers to cause an unknown impact via a GIF file with a large code size value.

Recommendations

For CUPS versions prior to 1.2.12-r7, update to version 1.2.12-r7 or later to resolve the issue. For CUPS version 1.3.6, consider disabling the gif_read_lzw function as a temporary workaround until a patch is available.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-01436
BDU:2015-09622
CVE-2008-1373
DSA-1625-1
DTSA-122-1
RHSA-2008:0192
RHSA-2008:0206
RHSA-2008_0192
RHSA-2008_0206

Affected Products

Cups
Red Hat