CVE-2009-0163

Name of the Vulnerable Software and Affected Versions cups versions prior to 1.3.10 cups-libs-x86 (affected versions not specified) cups-debugsource (affected versions not specified) cups-libs-32bit (affected versions not specified) cups-client (affected versions not specified) cups-debuginfo (affected versions not specified) cups-devel (affected versions not specified) cups-libs (affected versions not specified)

Description The issue involves multiple vulnerabilities in the cups package of various Linux operating systems, including SUSE Linux Enterprise and Gentoo Linux. These vulnerabilities can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information. The exploitation can result in a denial of service or possibly the execution of arbitrary code. Specifically, an integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a daemon crash and possibly execute arbitrary code via a crafted TIFF image. This is due to improper handling by the cupsImageReadTIFF function in the imagetops filter and the imagetoraster filter, leading to a heap-based buffer overflow.

Recommendations For cups versions prior to 1.3.10, update to version 1.3.10 or later. For cups-libs-x86, consider disabling the package until a patch is available. For cups-debugsource, restrict access to the package to minimize the risk of exploitation. For cups-libs-32bit, avoid using the package in sensitive operations until the issue is resolved. For cups-client, consider disabling the client functionality until a patch is available. For cups-debuginfo, restrict access to the package to minimize the risk of exploitation. For cups-devel, consider disabling the development package until a patch is available. For cups-libs, avoid using the package in sensitive operations until the issue is resolved.