CVE-2008-1722

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.

References

http://secunia.com/advisories/29809

http://secunia.com/advisories/29902

http://secunia.com/advisories/30078

http://secunia.com/advisories/30190

http://secunia.com/advisories/30553

http://secunia.com/advisories/30717

http://secunia.com/advisories/31324

http://secunia.com/advisories/32292

http://www.cups.org/str.php?L2790

http://www.debian.org/security/2008/dsa-1625

http://www.gentoo.org/security/en/glsa/glsa-200804-23.xml

http://www.kb.cert.org/vuls/id/218395

http://www.mandriva.com/security/advisories?name=MDVSA-2008:170

http://www.novell.com/linux/security/advisories/2008_13_sr.html

http://www.osvdb.org/44398

http://www.securityfocus.com/bid/28781

http://www.securitytracker.com/id?1019854

http://www.ubuntu.com/usn/usn-606-1

http://www.vupen.com/english/advisories/2008/1226/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41832

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8768

https://rhn.redhat.com/errata/RHSA-2008-0498.html

https://usn.ubuntu.com/656-1/

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00068.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00081.html

Details

Source: MITRE

Published: 2008-04-10

Updated: 2018-10-03

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:cups:cups:1.3:*:*:*:*:*:*:*

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
67775Oracle Linux 3 : cups (ELSA-2008-1028)NessusOracle Linux Local Security Checks
high
67699Oracle Linux 3 / 4 / 5 : cups (ELSA-2008-0498)NessusOracle Linux Local Security Checks
medium
60415Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
37836Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : cupsys vulnerabilities (USN-656-1)NessusUbuntu Local Security Checks
critical
36759Mandriva Linux Security Advisory : cups (MDVSA-2008:170)NessusMandriva Local Security Checks
medium
35182RHEL 3 : cups (RHSA-2008:1028)NessusRed Hat Local Security Checks
high
35173CentOS 3 : cups (CESA-2008:1028)NessusCentOS Local Security Checks
high
33774Debian DSA-1625-1 : cupsys - buffer overflowsNessusDebian Local Security Checks
critical
4610CUPS < 1.3.8 Crafted PNG File Integer OverflowNessus Network MonitorWeb Servers
medium
33577CUPS < 1.3.8 PNG File Handling Multiple OverflowsNessusMisc.
high
33109CentOS 3 / 4 / 5 : cups (CESA-2008:0498)NessusCentOS Local Security Checks
medium
33096RHEL 3 / 4 / 5 : cups (RHSA-2008:0498)NessusRed Hat Local Security Checks
medium
32331Fedora 9 : cups-1.3.7-2.fc9 (2008-3756)NessusFedora Local Security Checks
medium
32207Fedora 8 : cups-1.3.7-2.fc8 (2008-3586)NessusFedora Local Security Checks
medium
32197Fedora 7 : cups-1.2.12-11.fc7 (2008-3449)NessusFedora Local Security Checks
medium
32186Ubuntu 6.06 LTS / 7.04 / 7.10 : cupsys vulnerability (USN-606-1)NessusUbuntu Local Security Checks
medium
32016GLSA-200804-23 : CUPS: Integer overflow vulnerabilityNessusGentoo Local Security Checks
medium