>> CUPS Data Handling Buffer and Integer Overflow Vulnerabilities
Title : CUPS Data Handling Buffer and Integer Overflow Vulnerabilities VUPEN ID : VUPEN/ADV-2008-2782 CVE ID : CVE-2008-3639 - CVE-2008-3640 - CVE-2008-3641 CWE ID : CWE-119 - CWE-189
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-10-13
Technical Description
Multiple vulnerabilities have been identified in CUPS, which could be exploited by attackers to compromise a vulnerable system.
The first issue is caused by buffer overflow errors in the HP-GL/2-to-PostScript hpgltops filter, which could be exploited by attackers to execute arbitrary code.
The second vulnerability is caused by buffer overflow errors in the "read_rle16()" and "read_rle8()" functions when parsing malformed Run Length Encoded (RLE) data within Silicon Graphics Image (SGI) files, which could be exploited to execute arbitrary code.
The third vulnerability is caused by an integer overflow error in the "WriteProlog()" function within the Text-to-PostScript texttops filter, which could be exploited by attackers to compromise a vulnerable system.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
