CVE-2008-0053 – cups: buffer overflows in HP-GL/2 filter
https://notcve.org/view.php?id=CVE-2008-0053
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. Múltiples desbordamientos de búfer en el filtro HP-GL/2-a-PostScript en CUPS versiones anteriores a 1.3.6, podrían permitir a los atacantes remotos ejecutar código arbitrario por medio de un archivo HP-GL/2 diseñado. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29573 http://secunia.com/advisories/29603 http://secunia.com/advisories/29630 http://secunia.com/advisories/29634 http://secunia.com/advisories/29655 http://secunia.com/advisories/29659 http://secunia.com/advisories/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0597 – cups: dereference of free'd memory handling IPP browse requests
https://notcve.org/view.php?id=CVE-2008-0597
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. Vulnerabilidad de uso después de liberación (use-after-free) en CUPS antes de 1.1.22 y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) a través de paquetes IPP manipulados. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html http://secunia.com/advisories/29087 http://secunia.com/advisories/29189 http://secunia.com/advisories/29251 http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm http://wiki.rpath.com/Advisories:rPSA-2008-0091 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091 http://www.mandriva.com/security/advisories?name=MDVSA-2008:050 http://www. • CWE-399: Resource Management Errors •
CVE-2008-0596 – cups: memory leak handling IPP browse requests
https://notcve.org/view.php?id=CVE-2008-0596
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. Fuga de memoria en CUPS versiones anteriores a 1.1.22 y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de un gran número de peticiones para añadir y eliminar impresoras compartidas. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html http://secunia.com/advisories/29087 http://secunia.com/advisories/29189 http://secunia.com/advisories/29251 http://secunia.com/advisories/29420 http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm http://wiki.rpath • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2007-4351 – cups boundary error
https://notcve.org/view.php?id=CVE-2007-4351
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. Error de superación de límite (off-by-one) en la función ippReadIO de cup/ipp.c de CUPS 1.3.3 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una etiqueta (1) textWithLanguage o (2) nameWithLanguage Internet Printing Protocol (IPP) manipuladas, llevando a un desbordamiento de búfer basado en pila. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/27233 http://secunia.com/advisories/27410 http://secunia.com/advisories/27445 http://secunia.com/advisories/27447 http://secunia.com/advisories/27474 http://secunia.com/advisories/27494 http://secunia.com/advisories/27499 http://secunia.com/advisories/27540 http://secunia.com/advisories/27577 http://secunia.com/advisories • CWE-189: Numeric Errors •
CVE-2007-3387 – xpdf integer overflow
https://notcve.org/view.php?id=CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. Un desbordamiento de enteros en la función StreamPredictor::StreamPredictor en xpdf versión 3.02, tal como es usado en (1) poppler anterior a versión 0.5.91, (2) gpdf anterior a versión 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podrían permitir que los atacantes remotos ejecuten código arbitrario por medio de un archivo PDF creado que causa un desbordamiento del búfer en la región stack de la memoria, en la función StreamPredictor::getNextLine. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=187139 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 http://osvdb.org/40127 http://secunia.com/advisories/26188 http://secunia.com/advisories/26251 http://secunia.com/advisories/26254 http://secunia.com/advisories/26255 http://secunia.com/advisories/26257 http://secunia.com/advisories/26278 • CWE-190: Integer Overflow or Wraparound •