CVE-2014-9679

Published: 19/02/2015 Updated: 30/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS prior to 2.0.2 allows remote malicious users to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

Vulnerable Product

apple cups

Vendor Advisories

CUPS could be made to crash or run programs if it processed a specially crafted file ...
Debian Bug report logs - #778387 cups: CVE-2014-9679 Package: cups; Maintainer for cups is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups is src:cups; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 14 Feb 2015 13:27:02 UTC; Severity: grave; Tags: fixed-upstre ...
Peter De Wachter discovered that CUPS, the Common UNIX Printing System, did not correctly parse compressed raster files. By submitting a specially crafted raster file, a remote attacker could use this vulnerability to trigger a buffer overflow. For the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5. For the upco ...
A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allows the attacker to run arbitrary code in the CUPS server (CV ...