Summary: | <net-print/cups-filters-1.0.48: arbitrary code execution with the privileges of the "lp" user (CVE-2013-{6473,6474,6475,6476}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Andreas K. Hüttel <dilfridge> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Andreas K. Hüttel
2014-03-13 11:27:12 UTC
OK seems like this went under the radar... Nothing to stabilize here anymore, there is bug 506518 requesting a newer version by now. CVE-2013-6476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6476): The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. CVE-2013-6475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6475): Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. CVE-2013-6474 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6474): Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2013-6473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6473): Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. Stabilized as part of Bug 508844 This issue was resolved and addressed in GLSA 201406-16 at http://security.gentoo.org/glsa/glsa-201406-16.xml by GLSA coordinator Mikle Kolyada (Zlogene). |