Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CUPS Multiple Vulnerabilities - Oct08

Information

Severity

Severity

Critical

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

13 years ago

Modified

Modified

3 years ago

Summary

This host is running CUPS (Common UNIX Printing System) Service, which is prone to Buffer Overflow and Integer Overflow Vulnerabilities.

Insight

Insight

The flaws are due to - an error in the implementation of the HP-GL/2 filter and can be exploited to cause buffer overflows with HP-GL/2 files containing overly large pen numbers. - an error within the read_rle8() and read_rle16() functions when parsing malformed Run Length Encoded(RLE) data within Silicon Graphics Image(SGI) files and can exploited to cause heap-based buffer overflow with a specially crafted SGI file. - an error within the WriteProlog() function included in the texttops utility and can be exploited to cause a heap-based buffer overflow with specially crafted file.

Affected Software

Affected Software

CUPS versions prior to 1.3.9.

Solution

Solution

Upgrade to CUPS version 1.3.9 or later.

Common Vulnerabilities and Exposures (CVE)