NewStart CGSL MAIN 6.06 : cups Multiple Vulnerabilities (NS-SA-2025-0218)

critical Nessus Plugin ID 266283

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has cups packages installed that are affected by multiple vulnerabilities:

- ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. (CVE-2010-2941)

- The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. (CVE-2008-3641)

- Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka Infinite CPU spins. (CVE-2005-3625)

- Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. (CVE-2005-3626)

- Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large number of components value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large Huffman table index value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo. (CVE-2005-3627)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL cups packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0218

https://security.gd-linux.com/info/CVE-2005-3625

https://security.gd-linux.com/info/CVE-2005-3626

https://security.gd-linux.com/info/CVE-2005-3627

https://security.gd-linux.com/info/CVE-2007-4045

https://security.gd-linux.com/info/CVE-2007-4352

https://security.gd-linux.com/info/CVE-2007-5392

https://security.gd-linux.com/info/CVE-2007-5393

https://security.gd-linux.com/info/CVE-2008-0047

https://security.gd-linux.com/info/CVE-2008-1373

https://security.gd-linux.com/info/CVE-2008-1722

https://security.gd-linux.com/info/CVE-2008-3639

https://security.gd-linux.com/info/CVE-2008-3640

https://security.gd-linux.com/info/CVE-2008-3641

https://security.gd-linux.com/info/CVE-2008-5183

https://security.gd-linux.com/info/CVE-2009-0163

https://security.gd-linux.com/info/CVE-2009-0164

https://security.gd-linux.com/info/CVE-2009-3553

https://security.gd-linux.com/info/CVE-2010-0302

https://security.gd-linux.com/info/CVE-2010-0540

https://security.gd-linux.com/info/CVE-2010-0542

https://security.gd-linux.com/info/CVE-2010-1748

https://security.gd-linux.com/info/CVE-2010-2941

https://security.gd-linux.com/info/CVE-2011-2896

https://security.gd-linux.com/info/CVE-2012-5519

https://security.gd-linux.com/info/CVE-2014-3537

https://security.gd-linux.com/info/CVE-2014-5029

https://security.gd-linux.com/info/CVE-2014-5030

https://security.gd-linux.com/info/CVE-2014-5031

https://security.gd-linux.com/info/CVE-2017-18248

https://security.gd-linux.com/info/CVE-2018-4180

https://security.gd-linux.com/info/CVE-2018-4181

https://security.gd-linux.com/info/CVE-2018-4182

https://security.gd-linux.com/info/CVE-2018-4183

https://security.gd-linux.com/info/CVE-2018-4700

https://security.gd-linux.com/info/CVE-2019-8675

https://security.gd-linux.com/info/CVE-2019-8696

https://security.gd-linux.com/info/CVE-2020-10001

https://security.gd-linux.com/info/CVE-2020-3898

Plugin Details

Severity: Critical

ID: 266283

File Name: newstart_cgsl_NS-SA-2025-0218_cups.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-3641

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2010-2941

Vulnerability Information

CPE: cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:cups-filesystem, p-cpe:/a:zte:cgsl_main:cups, p-cpe:/a:zte:cgsl_main:cups-libs, p-cpe:/a:zte:cgsl_main:cups-client

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 12/6/2005

Reference Information

CVE: CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2007-4045, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2008-0047, CVE-2008-1373, CVE-2008-1722, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641, CVE-2008-5183, CVE-2009-0163, CVE-2009-0164, CVE-2009-3553, CVE-2010-0302, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2941, CVE-2011-2896, CVE-2012-5519, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031, CVE-2017-18248, CVE-2018-4180, CVE-2018-4181, CVE-2018-4182, CVE-2018-4183, CVE-2019-8675, CVE-2019-8696, CVE-2020-10001, CVE-2020-3898