Arbitrary Code Execution

2020-04-1000:37:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.018 Low

EPSS

Percentile

88.3%

JSON

cups is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format (TIFF) decoding routines used by the CUPS image-converting filters, “imagetops” and “imagetoraster”. An attacker could create a malicious TIFF file that could, potentially, execute arbitrary code as the “lp” user if the file was printed.

CPENameOperatorVersion
cupseq1.2.4__11.18.el5_2.1
cupseq1.2.4__11.5.1.el5
cupseq1.2.4__11.14.el5_1.4
cupseq1.2.4__11.14.el5_1.6
cupseq1.2.4__11.18.el5_2.2
cupseq1.1.22__0.rc1.9.20.2.el4_6.5
cupseq1.1.22__0.rc1.9.20.2.el4_6.6
cupseq1.2.4__11.5.el5
cupseq1.2.4__11.5.3.el5
cupseq1.1.22__0.rc1.9.20.2.el4_6.8

Name	Operator	Version
cups	eq	1.2.4__11.18.el5_2.1
cups	eq	1.2.4__11.5.1.el5
cups	eq	1.2.4__11.14.el5_1.4
cups	eq	1.2.4__11.14.el5_1.6
cups	eq	1.2.4__11.18.el5_2.2
cups	eq	1.1.22__0.rc1.9.20.2.el4_6.5
cups	eq	1.1.22__0.rc1.9.20.2.el4_6.6
cups	eq	1.2.4__11.5.el5
cups	eq	1.2.4__11.5.3.el5
cups	eq	1.1.22__0.rc1.9.20.2.el4_6.8