PT-2009-3224 · Apple · Cups

Keishi.Sonoda · Published 2009-02-20 · Updated 2023-02-13 · CVE-2009-0577

CVSS v2.0 · 6.8 · Medium

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CUPS version 1.1.17

Description

The issue is caused by an integer overflow in the WriteProlog function in texttops, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a crafted PostScript file that triggers a heap-based buffer overflow.

Recommendations

For CUPS version 1.1.17, consider applying a patch or fix to address the integer overflow issue in the WriteProlog function. As a temporary workaround, restrict access to the texttops functionality to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-0577
RHSA-2009:0308

Affected Products

Cups