PT-2014-1794 · Cups+1 · Cups-Filters+1

Florian Weimer

Published

2014-03-12

Updated

2024-06-15

CVE-2013-6476

CVSS v2.0

8.3

High

Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions cups-filters versions prior to 1.0.47 cups-filters versions prior to 1.0.53

Description The issue allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file, specifically through the OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters. Multiple vulnerabilities in the cups-filters package may lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For versions prior to 1.0.47, update to version 1.0.47 or later. For versions prior to 1.0.53, update to version 1.0.53 or later. As a temporary workaround, consider restricting access to the pdftoopvp filter until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-119

Related Identifiers

ALT-PU-2014-1278

BDU:2015-04125

BDU:2015-09753

CVE-2013-6476

DSA-2875-1

DSA-2876-1

MGASA-2014-0170

OPENSUSE-SU-2024:10313-1

Affected Products

Alt Linux

Cups-Filters

PT-2014-1794 · Cups+1 · Cups-Filters+1

CVE-2013-6476

Weakness Enumeration

Related Identifiers

Affected Products

References · 35