From the upstream changelog:

--
CHANGES IN V1.0.47

- pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect against arbitrary code execution with the privileges of the "lp" user via malicious PDF files. Also restrict the directory from where OPVP drivers can get loaded.
- urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based buffer overflow flaws in urftopdf. If a malicious URF file were processed it could lead to arbitrary code execution with the privileges of the "lp" user.
--

Please test and if OK stabilize =net-print/cups-filters-1.0.48
OK seems like this went under the radar... Nothing to stabilize here anymore, there is bug 506518 requesting a newer version by now.
CVE-2013-6476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6476): The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

CVE-2013-6475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6475): Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

CVE-2013-6474 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6474): Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2013-6473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6473): Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
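The integer-overflow class described for CVE-2013-6475, and the overflow-checked allocation approach the changelog refers to, sketched as an added example. This is not code from cups-filters or from this bug report; the names unchecked_size32, mul_checked, alloc_n and alloc_n3 and the sample dimensions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: a buffer size computed from file-supplied dimensions
 * in 32-bit arithmetic silently wraps modulo 2^32. */
uint32_t unchecked_size32(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Store a*b in *out; return 0 on success, -1 if the product would wrap. */
int mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Hypothetical helper: allocate n objects of `size` bytes, or NULL. */
void *alloc_n(size_t n, size_t size)
{
    size_t total;
    if (mul_checked(n, size, &total) != 0 || total == 0)
        return NULL;
    return malloc(total);
}

/* Hypothetical helper: allocate a*b*c bytes, checking each multiplication. */
void *alloc_n3(size_t a, size_t b, size_t c)
{
    size_t ab, total;
    if (mul_checked(a, b, &ab) != 0 || mul_checked(ab, c, &total) != 0 || total == 0)
        return NULL;
    return malloc(total);
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^32 + 65536 bytes. */
    printf("unchecked 32-bit size: %u\n", (unsigned)unchecked_size32(65537u, 65536u, 1u));
    void *p = alloc_n3(SIZE_MAX, 2, 1);   /* product cannot fit in size_t */
    printf("checked allocation: %s\n", p ? "succeeded" : "refused");
    free(p);
    return 0;
}
```

With the unchecked computation the allocator is asked for 65536 bytes while later writes assume the full width-by-height extent, which is how a wrapped size turns into a heap-based buffer overflow.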
Stabilized as part of Bug 508844
This issue was resolved and addressed in GLSA 201406-16 at http://security.gentoo.org/glsa/glsa-201406-16.xml by GLSA coordinator Mikle Kolyada (Zlogene).