Published: 14/03/2014 Updated: 17/03/2014

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters prior to 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 13.10
debian debian linux
fedoraproject fedora
canonical ubuntu linux 12.04
canonical ubuntu linux 12.10
canonical ubuntu linux 10.04
linuxfoundation cups-filters 1.0.1
linuxfoundation cups-filters 1.0.10
linuxfoundation cups-filters 1.0.11
linuxfoundation cups-filters 1.0.12
linuxfoundation cups-filters 1.0.25
linuxfoundation cups-filters 1.0.26
linuxfoundation cups-filters 1.0.27
linuxfoundation cups-filters 1.0.28
linuxfoundation cups-filters 1.0.40
linuxfoundation cups-filters 1.0.41
linuxfoundation cups-filters 1.0.42
linuxfoundation cups-filters 1.0.43
linuxfoundation cups-filters 1.0.14
linuxfoundation cups-filters 1.0.16
linuxfoundation cups-filters 1.0.22
linuxfoundation cups-filters 1.0.24
linuxfoundation cups-filters 1.0.29
linuxfoundation cups-filters 1.0.30
linuxfoundation cups-filters 1.0.37
linuxfoundation cups-filters 1.0.39
linuxfoundation cups-filters 1.0.45
linuxfoundation cups-filters 1.0.5
linuxfoundation cups-filters 1.0.18
linuxfoundation cups-filters 1.0.19
linuxfoundation cups-filters 1.0.2
linuxfoundation cups-filters 1.0.20
linuxfoundation cups-filters 1.0.32
linuxfoundation cups-filters 1.0.33
linuxfoundation cups-filters 1.0.34
linuxfoundation cups-filters 1.0.35
linuxfoundation cups-filters 1.0.36
linuxfoundation cups-filters 1.0.6
linuxfoundation cups-filters 1.0.7
linuxfoundation cups-filters 1.0.8
linuxfoundation cups-filters 1.0.9
linuxfoundation cups-filters 1.0
linuxfoundation cups-filters 1.0.13
linuxfoundation cups-filters 1.0.15
linuxfoundation cups-filters 1.0.17
linuxfoundation cups-filters 1.0.21
linuxfoundation cups-filters 1.0.23
linuxfoundation cups-filters 1.0.3
linuxfoundation cups-filters 1.0.31
linuxfoundation cups-filters 1.0.38
linuxfoundation cups-filters 1.0.4
linuxfoundation cups-filters 1.0.44
linuxfoundation cups-filters

Debian Bug report logs - #741318 cups-filters: CVE-2013-6476 CVE-2013-6475 CVE-2013-6474 CVE-2013-6473 Package: cups-filters; Maintainer for cups-filters is Debian Printing Team <debian-printing@listsdebianorg>; Source for cups-filters is src:cups-filters (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil ...

cups-filters could be made to run programs as the lp user if it processed a specially crafted file ...

CUPS could be made to run programs as the lp user if it processed a specially crafted file ...

Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed For the oldstable distribution (squeeze), these problems have been fixed in version 144-7+squeeze4 For the stable distribution (wheezy) ...

Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed For the stable distribution (wheezy), these problems have been fixed in version 1018-21+deb7u1 For the unstable distribution (sid), the ...

CWE-264 http://www.debian.org/security/2014/dsa-2875 http://www.ubuntu.com/usn/USN-2144-1 http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176 http://www.ubuntu.com/usn/USN-2143-1 https://bugzilla.redhat.com/show_bug.cgi?id=1027551 http://www.debian.org/security/2014/dsa-2876 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741318 https://nvd.nist.gov https://usn.ubuntu.com/2143-1/

CVE-2013-6476

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect