Summary: | <net-print/cups-2.0.2-r1: cupsRasterReadPixels: buffer overflow with invalid page header and compressed raster data (CVE-2014-9679) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Frank Krömmelbein <kroemmelbein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | pacho, printing |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Frank Krömmelbein
2015-02-10 09:31:57 UTC
2.0.2 is already in the tree and it should fix this

(In reply to Pacho Ramos from comment #1)
> 2.0.2 is already in the tree and it should fix this

Is it ready for stabilization?

CVE-2014-9679 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9679): Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

Vulnerable versions have been removed. See bug #553644 and bug #553836

@security: Please create a glsa for that

New GLSA requested.

This issue was resolved and addressed in GLSA 201607-06 at https://security.gentoo.org/glsa/201607-06 by GLSA coordinator Aaron Bauman (b-man).