Page 2 of 10 results (0.020 seconds)

CVSS: 7.5EPSS: 7%CPEs: 7EXPL: 0

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. Desbordamiento del buffer basado en memoria dinámica en la función WriteProlog en filter/texttopdf.c en texttopdf en cups-filters antes del 1.0.70, que permite a atacantes remotos provocar una denegación de servcio (colapso) o la posibilidad de ejecutar código arbitrario a través de una línea larga que contiene caracteres anchos en una tarea de impresión. A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://rhn.redhat.com/errata/RHSA-2015-2360.html http://ubuntu.com/usn/usn-2659-1 http://www.debian.org/security/2015/dsa-3303 http://www.openwall.com/lists/oss-security/2015/06/26/4 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/75436 https://bugzilla.redhat.com/s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. La función remove_bad_chars en utils/cups-browsed.c en cups-filters anterior a 1.0.66 permite a impresoras IPP remotas ejecutar comandos arbitrarios a través de metacaracteres de shell consecutivos en el (1) modelo o (2) PDL. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-2707. • http://advisories.mageia.org/MGASA-2015-0132.html http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333 http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:196 http://www.ubuntu.com/usn/USN-2532-1 https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. La función process_browse_data en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de datos de paquetes manipulados. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 http://openwall.com/lists/oss-security/2014/06/19/12 http://rhn.redhat.com/errata/RHSA-2014-1795.html http://secunia.com/advisories/62044 http://www.securityfocus.com/bid/68122 https://access.redhat.com/security/cve/CVE-2014-4337 https://bugzilla.redhat.com/show_bug.cgi?id=1111510 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos evadir restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un directivo cups-browsed.conf BrowseAllow malformado que se interpreta como si cediera acceso de navegación a todas las direcciones IP. A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions. • http://openwall.com/lists/oss-security/2014/04/25/7 http://openwall.com/lists/oss-security/2014/06/19/12 http://rhn.redhat.com/errata/RHSA-2014-1795.html http://secunia.com/advisories/62044 http://www.securityfocus.com/bid/68124 https://bugs.linuxfoundation.org/show_bug.cgi?id=1204 https://access.redhat.com/security/cve/CVE-2014-4338 https://bugzilla.redhat.com/show_bug.cgi?id=1091568 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. La función generate_local_queue en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a impresoras IPP remotas ejecutar comandos arbitrarios a través de metacaracteres de shell en el nombre del anfitrión. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-2707. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 http://openwall.com/lists/oss-security/2014/04/25/7 http://openwall.com/lists/oss-security/2014/06/19/12 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •