CVE-2008-5286

Published: Dec 1, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20081201 (sort of urgent) CVE Request -- cups (repost)

mailing-list

x_refsource_MLIST

33101

third-party-advisory

x_refsource_SECUNIA

32518

vdb-entry

x_refsource_BID

GLSA-200812-11

vendor-advisory

x_refsource_GENTOO

oval:org.mitre.oval:def:10058

vdb-entry

signature

x_refsource_OVAL

33111

third-party-advisory

x_refsource_SECUNIA

RHSA-2008:1028

vendor-advisory

x_refsource_REDHAT

http://www.cups.org/str.php?L2974

x_refsource_CONFIRM

GLSA-200812-01

vendor-advisory

x_refsource_GENTOO

MDVSA-2009:029

vendor-advisory

x_refsource_MANDRIVA

SUSE-SR:2009:002

vendor-advisory

x_refsource_SUSE

33568

third-party-advisory

x_refsource_SECUNIA

DSA-1677

vendor-advisory

x_refsource_DEBIAN

32962

third-party-advisory

x_refsource_SECUNIA

1021298

vdb-entry

x_refsource_SECTRACK

ADV-2008-3315

vdb-entry

x_refsource_VUPEN

cups-cupsimagereadpng-overflow(46933)

vdb-entry

x_refsource_XF

MDVSA-2009:028

vendor-advisory

x_refsource_MANDRIVA

http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-5286

Description

Affected Products

References