CVE-2014-9679medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
References
http://advisories.mageia.org/MGASA-2015-0067.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150171.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150177.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00098.html
http://rhn.redhat.com/errata/RHSA-2015-1123.html
http://www.debian.org/security/2015/dsa-3172
http://www.mandriva.com/security/advisories?name=MDVSA-2015:049
http://www.mandriva.com/security/advisories?name=MDVSA-2015:108
http://www.openwall.com/lists/oss-security/2015/02/10/15
http://www.openwall.com/lists/oss-security/2015/02/12/12
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/72594
http://www.securitytracker.com/id/1031776
http://www.ubuntu.com/usn/USN-2520-1
Vulnerable Software
Configuration 1
AND
OR
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124935 | EulerOS Virtualization 3.0.1.0 : cups (EulerOS-SA-2019-1432) | Nessus | Huawei Local Security Checks | high |
| 92350 | GLSA-201607-06 : CUPS: Buffer overflow | Nessus | Gentoo Local Security Checks | medium |
| 84595 | Amazon Linux AMI : cups (ALAS-2015-559) | Nessus | Amazon Linux Local Security Checks | critical |
| 84276 | CentOS 6 / 7 : cups (CESA-2015:1123) | Nessus | CentOS Local Security Checks | critical |
| 84259 | Scientific Linux Security Update : cups on SL6.x, SL7.x i386/x86_64 (20150617) | Nessus | Scientific Linux Local Security Checks | critical |
| 84258 | RHEL 6 / 7 : cups (RHSA-2015:1123) | Nessus | Red Hat Local Security Checks | critical |
| 84257 | OracleVM 3.3 : cups (OVMSA-2015-0071) | Nessus | OracleVM Local Security Checks | critical |
| 84256 | Oracle Linux 6 / 7 : cups (ELSA-2015-1123) | Nessus | Oracle Linux Local Security Checks | critical |
| 82361 | Mandriva Linux Security Advisory : cups (MDVSA-2015:108) | Nessus | Mandriva Local Security Checks | medium |
| 82142 | Debian DLA-159-1 : cups security update | Nessus | Debian Local Security Checks | medium |
| 82019 | SuSE 11.3 Security Update : cups (SAT Patch Number 10394) | Nessus | SuSE Local Security Checks | medium |
| 81932 | Mandriva Linux Security Advisory : cups (MDVSA-2015:049) | Nessus | Mandriva Local Security Checks | medium |
| 81573 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : cups vulnerability (USN-2520-1) | Nessus | Ubuntu Local Security Checks | medium |
| 81562 | openSUSE Security Update : cups (openSUSE-2015-182) | Nessus | SuSE Local Security Checks | medium |
| 81526 | Debian DSA-3172-1 : cups - security update | Nessus | Debian Local Security Checks | medium |
| 81428 | Fedora 20 : cups-1.7.5-12.fc20 (2015-2152) | Nessus | Fedora Local Security Checks | medium |
| 81427 | Fedora 21 : cups-1.7.5-15.fc21 (2015-2127) | Nessus | Fedora Local Security Checks | medium |