FreeBSD : cups-filters -- texttopdf integer overflow (bf1d9331-21b6-11e5-86ff-14dae9d210b8)

High Nessus Plugin ID 84528


The remote FreeBSD host is missing a security-related update.


Stefan Cornelius from Red Hat reports :

An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user.

Tim Waugh reports :

The Page allocation is moved into textcommon.c, where it does all the necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds for CVE-2015-3259 due to integer overflows for the calloc() call initializing Page[0] and the memset() call in texttopdf.c's WritePage() function zeroing the entire array.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 84528

File Name: freebsd_pkg_bf1d933121b611e586ff14dae9d210b8.nasl

Version: $Revision: 2.4 $

Type: local

Published: 2015/07/06

Modified: 2017/07/06

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cups-filters, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/07/03

Vulnerability Publication Date: 2015/07/03

Reference Information

CVE: CVE-2015-3279