CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
88.5%
Package : cups
Version : 1.4.4-7+squeeze7
CVE ID : CVE-2014-9679
Debian Bug : #778387
Peter De Wachter discovered that CUPS, the Common UNIX Printing
System, did not correctly parse compressed raster files. By submitting
a specially crafted raster file, a remote attacker could use this
vulnerability to trigger a buffer overflow.
For the oldstable distribution (squeeze), this problem has been fixed in
version 1.4.4-7+squeeze7.
For the stable distribution (wheezy), this problem has been fixed in
version 1.5.3-5+deb7u5.
We recommend that you upgrade your cups packages.
–
Ben Hutchings - Debian developer, kernel team member
Attachment:
signature.asc
Description: This is a digitally signed message part
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armel | libcupsmime1-dev | < 1.5.3-5+deb7u5 | libcupsmime1-dev_1.5.3-5+deb7u5_armel.deb |
Debian | 6 | amd64 | libcupsimage2 | < 1.4.4-7+squeeze7 | libcupsimage2_1.4.4-7+squeeze7_amd64.deb |
Debian | 7 | kfreebsd-i386 | libcups2-dev | < 1.5.3-5+deb7u5 | libcups2-dev_1.5.3-5+deb7u5_kfreebsd-i386.deb |
Debian | 7 | kfreebsd-i386 | libcupsppdc1 | < 1.5.3-5+deb7u5 | libcupsppdc1_1.5.3-5+deb7u5_kfreebsd-i386.deb |
Debian | 7 | i386 | libcupsdriver1 | < 1.5.3-5+deb7u5 | libcupsdriver1_1.5.3-5+deb7u5_i386.deb |
Debian | 7 | kfreebsd-i386 | libcupsppdc1-dev | < 1.5.3-5+deb7u5 | libcupsppdc1-dev_1.5.3-5+deb7u5_kfreebsd-i386.deb |
Debian | 7 | powerpc | cups-ppdc | < 1.5.3-5+deb7u5 | cups-ppdc_1.5.3-5+deb7u5_powerpc.deb |
Debian | 7 | kfreebsd-i386 | cups-client | < 1.5.3-5+deb7u5 | cups-client_1.5.3-5+deb7u5_kfreebsd-i386.deb |
Debian | 7 | armel | libcupsimage2 | < 1.5.3-5+deb7u5 | libcupsimage2_1.5.3-5+deb7u5_armel.deb |
Debian | 7 | all | cupsddk | < 1.5.3-5+deb7u5 | cupsddk_1.5.3-5+deb7u5_all.deb |