Lucene search

[email protected]NVD:CVE-2008-5286

HistoryDec 01, 2008 - 3:30 p.m.

CVE-2008-5286

2008-12-0115:30:03

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.864

Percentile

98.6%

JSON

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

Affected configurations

NVD

Node

applecupsMatch1.1.17

applecupsMatch1.1.18

applecupsMatch1.1.19

applecupsMatch1.1.19rc1

applecupsMatch1.1.19rc2

applecupsMatch1.1.19rc3

applecupsMatch1.1.19rc4

applecupsMatch1.1.19rc5

applecupsMatch1.1.20

applecupsMatch1.1.20rc1

applecupsMatch1.1.20rc2

applecupsMatch1.1.20rc3

applecupsMatch1.1.20rc4

applecupsMatch1.1.20rc5

applecupsMatch1.1.20rc6

applecupsMatch1.1.21

applecupsMatch1.1.21rc1

applecupsMatch1.1.21rc2

applecupsMatch1.1.22

applecupsMatch1.1.22rc1

applecupsMatch1.1.22rc2

applecupsMatch1.1.23

applecupsMatch1.1.23rc1

applecupsMatch1.2b1

applecupsMatch1.2b2

applecupsMatch1.2rc1

applecupsMatch1.2rc2

applecupsMatch1.2rc3

applecupsMatch1.2.0

applecupsMatch1.2.1

applecupsMatch1.2.2

applecupsMatch1.2.3

applecupsMatch1.2.4

applecupsMatch1.2.5

applecupsMatch1.2.6

applecupsMatch1.2.7

applecupsMatch1.2.8

applecupsMatch1.2.9

applecupsMatch1.2.10

applecupsMatch1.2.11

applecupsMatch1.2.12

applecupsMatch1.3b1

applecupsMatch1.3rc1

applecupsMatch1.3rc2

applecupsMatch1.3.0

applecupsMatch1.3.1

applecupsMatch1.3.2

applecupsMatch1.3.3

applecupsMatch1.3.4

applecupsMatch1.3.5

applecupsMatch1.3.6

applecupsMatch1.3.7

applecupsMatch1.3.8

applecupsMatch1.3.9

References

lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

secunia.com/advisories/32962

secunia.com/advisories/33101

secunia.com/advisories/33111

secunia.com/advisories/33568

svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt

www.cups.org/str.php?L2974

www.debian.org/security/2008/dsa-1677

www.gentoo.org/security/en/glsa/glsa-200812-01.xml

www.gentoo.org/security/en/glsa/glsa-200812-11.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:028

www.mandriva.com/security/advisories?name=MDVSA-2009:029

www.openwall.com/lists/oss-security/2008/12/01/1

www.redhat.com/support/errata/RHSA-2008-1028.html

www.securityfocus.com/bid/32518

www.securitytracker.com/id?1021298

www.vupen.com/english/advisories/2008/3315

exchange.xforce.ibmcloud.com/vulnerabilities/46933

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10058

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.864

Percentile

98.6%

JSON

Related for NVD:CVE-2008-5286

cvelist1 freebsd1 openvas34 centos1 checkpoint_advisories1 ubuntucve1 debian1 cve1 nessus14 redhat1 debiancve1 prion1 oraclelinux1 fedora7 ubuntu1 gentoo1 securityvulns1