Page 7 of 53 results (0.015 seconds)

CVSS: 6.4EPSS: 1%CPEs: 78EXPL: 0

CVE-2009-0164

https://notcve.org/view.php?id=CVE-2009-0164

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. La interfaz web de CUPS antes de v1.3.10 no valida la cabecera HTTP Host en una solicitud de un cliente, lo que facilita para realizar ataques de revinculación de DNS a atacantes remotos. • http://bugs.gentoo.org/show_bug.cgi?id=263070 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200904-20.xml http://support.apple.com/kb/HT3549 http://wiki.rpath.com/Advisories:rPSA-2009-0061 http://www.cups.org/articles.php?L582 http://www.cups.org/str.php?L3118 http://www.securityfocus.com/archive/1/502750/100/0/threaded http://www.securityfocus.com/bid/34665 http • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 78EXPL: 0

CVE-2009-0163 – cups: Integer overflow in the TIFF image filter

https://notcve.org/view.php?id=CVE-2009-0163

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. El desbordamiento de enteros en las rutinas de decodificación de imágenes TIFF en CUPS versiones 1.3.9 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) y posiblemente ejecutar código arbitrario por medio de una imagen TIFF diseñada, que no es manejado apropiadamente por la función _cupsImageReadTIFF (1) en el filtro imagetops y (2) el filtro imagetoraster, lo que conduce a un desbordamiento de búfer en la región heap de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://secunia.com/advisories/34481 http://secunia.com/advisories/34722 http://secunia.com/advisories/34747 http://secunia.com/advisories/34756 http://secunia.com/advisories/34852 http://security.gentoo.org/glsa/glsa-200904-20.xml http://wiki.rpath.com/Advisories:rPSA-2009-0061 http://www.cups.org/articles.php?L582 http://www.cups.org/str.php?L3031 http://www.debian.org/security/2009/dsa-1773 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 2%CPEs: 106EXPL: 0

CVE-2009-0146 – xpdf: Multiple buffer overflows in JBIG2 decoder (setBitmap, readSymbolDictSeg) (CVE-2009-0195)

https://notcve.org/view.php?id=CVE-2009-0146

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Múltiples desbordamientos del búfer en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, y otros productos permiten a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado, relacionado a (1) JBIG2SymbolDict::setBitmap y (2) JBIG2Stream::readSymbolDictSeg. • http://bugs.gentoo.org/show_bug.cgi?id=263028 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisori • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 2%CPEs: 106EXPL: 0

CVE-2009-0147 – xpdf: Multiple integer overflows in JBIG2 decoder

https://notcve.org/view.php?id=CVE-2009-0147

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Múltiples desbordamientos enteros en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anterior, y otros productos permiten a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado, relacionado a (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg y (3) JBIG2Stream::readGenericBitmap. • http://bugs.gentoo.org/show_bug.cgi?id=263028 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisori • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 4.3EPSS: 2%CPEs: 154EXPL: 0

CVE-2009-0166 – xpdf: Freeing of potentially uninitialized memory in JBIG2 decoder

https://notcve.org/view.php?id=CVE-2009-0166

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. El decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anteriores, y otros productos permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado que desencadena una liberación de memoria no inicializada. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisories/34291 http://secunia.com/advisories/34481 http://secunia.com/advisories/34755 http://secunia.com/advisories/34756 http://secunia.com/advisories/34852 http://secunia.com/advisories/34959 • CWE-399: Resource Management Errors •