CVE-2009-0163

Published: 23/04/2009 Updated: 11/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and previous versions allows remote malicious users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.

Vulnerable Product

apple cups 1.3.6

apple cups 1.1.3

apple cups 1.1.4

apple cups 1.1.6-2

apple cups 1.1.8

apple cups 1.1.11

apple cups 1.1.14

apple cups 1.1.19

apple cups 1.1.20

apple cups 1.1.21

apple cups 1.2

apple cups 1.1.23

apple cups 1.2.2

apple cups 1.2.6

apple cups 1.3

apple cups 1.3.5

apple cups 1.3.8

apple cups 1.1.5-1

apple cups 1.1.5-2

apple cups 1.1.9-1

apple cups 1.1.10-1

apple cups 1.1.15

apple cups 1.1.18

apple cups 1.1.22

apple cups 1.2.5

apple cups 1.2.9

apple cups 1.2.10

apple cups 1.3.1

apple cups 1.3.2

apple cups 1.1

apple cups 1.1.1

apple cups 1.1.5

apple cups 1.1.9

apple cups 1.1.7

apple cups 1.1.16

apple cups 1.1.13

apple cups 1.2.1

apple cups 1.2.0

apple cups 1.2.7

apple cups 1.2.8

apple cups 1.3.0

apple cups 1.3.7

apple cups

apple cups 1.1.6

apple cups 1.1.6-1

apple cups 1.1.2

apple cups 1.1.10

apple cups 1.1.6-3

apple cups 1.1.17

apple cups 1.1.12

apple cups 1.2.4

apple cups 1.2.3

apple cups 1.2.11

apple cups 1.2.12

apple cups 1.3.3

apple cups 1.3.4

Vendor Advisories

It was discovered that CUPS did not properly check the height of TIFF images. If a user or automated system were tricked into opening a crafted TIFF image file, a remote attacker could cause a denial of service or possibly execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CU ...

Synopsis: Important: cups security update. Type/Severity: Security Advisory: Important. Topic: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team ...

Synopsis: Moderate: cups security update. Type/Severity: Security Advisory: Moderate. Topic: Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description ...

It was discovered that the imagetops filter in cups, the Common UNIX Printing System, is prone to an integer overflow when reading malicious TIFF images. For the oldstable distribution (etch), this problem has been fixed in version 1.2.7-4etch7. For the stable distribution (lenny), this problem has been fixed in version 1.3.8-1lenny5. For the testi ...