FreeBSD : cups-filters -- texttopdf integer overflow (bf1d9331-21b6-11e5-86ff-14dae9d210b8)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Stefan Cornelius from Red Hat reports :

An integer overflow flaw leading to a heap-based buffer overflow was
discovered in the way the texttopdf utility of cups-filter processed
print jobs with a specially crafted line size. An attacker being able
to submit print jobs could exploit this flaw to crash texttopdf or,
possibly, execute arbitrary code with the privileges of the 'lp' user.

Tim Waugh reports :

The Page allocation is moved into textcommon.c, where it does all the
necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds
for CVE-2015-3259 due to integer overflows for the calloc() call
initializing Page[0] and the memset() call in texttopdf.c's
WritePage() function zeroing the entire array.
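
The lower- and upper-bound checks described in the fix note above, sketched as an added example (not code from cups-filters or from this plugin). The names `cell_t`, `alloc_page`, `clear_page` and the `MAX_PAGE_DIM` limit are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cell type: one character position on a text page. */
typedef struct { unsigned short ch; unsigned short attr; } cell_t;

/* Assumed policy limit per dimension; real pages are far smaller. */
#define MAX_PAGE_DIM 32767L

/*
 * Allocate a zeroed columns x lines page.
 * Returns NULL and leaves *bytes at 0 when a dimension is out of range
 * or the total byte count would not fit in size_t.
 */
cell_t *alloc_page(long columns, long lines, size_t *bytes)
{
    *bytes = 0;
    /* Lower bound: zero or negative sizes never reach the allocator. */
    if (columns < 1 || lines < 1)
        return NULL;
    /* Upper bound: cap each dimension before any multiplication. */
    if (columns > MAX_PAGE_DIM || lines > MAX_PAGE_DIM)
        return NULL;
    size_t cells = (size_t)columns * (size_t)lines;
    /* Guard the cells * sizeof(cell_t) product as well. */
    if (cells > SIZE_MAX / sizeof(cell_t))
        return NULL;
    cell_t *page = calloc(cells, sizeof(cell_t));
    if (page != NULL)
        *bytes = cells * sizeof(cell_t);
    return page;
}

/* Re-zero a page with the byte count recorded at allocation time, so the
 * memset() length cannot disagree with the size of the allocation. */
void clear_page(cell_t *page, size_t bytes)
{
    if (page != NULL)
        memset(page, 0, bytes);
}

int main(void)
{
    size_t n;
    /* Constructed inputs: a normal page, then sizes that must be refused. */
    cell_t *ok = alloc_page(80, 66, &n);
    printf("80x66   -> %s (%zu bytes)\n", ok ? "allocated" : "rejected", n);
    printf("0x66    -> %s\n", alloc_page(0, 66, &n) ? "allocated" : "rejected");
    printf("65536^2 -> %s\n", alloc_page(65536, 65536, &n) ? "allocated" : "rejected");
    clear_page(ok, 80 * 66 * sizeof(cell_t));
    free(ok);
    return 0;
}
```

The 65536 x 65536 case is the kind of input that wraps to zero in a 32-bit multiplication; here it is refused before any arithmetic on the product takes place.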

See also :

https://access.redhat.com/security/cve/CVE-2015-3279
http://www.nessus.org/u?35f4859f
http://osdir.com/ml/opensource-software-security/2015-07/msg00021.html
http://www.nessus.org/u?52c2b244

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 84528

Bugtraq ID:

CVE ID: CVE-2015-3279
