// For flags

CVE-2008-1373

cups: overflow in gif image filter

Severity Score

5.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

Un desbordamiento de búfer en la función gif_read_lzw en CUPS versión 1.3.6, permite a los atacantes remotos tener un impacto desconocido por medio de un archivo GIF con un valor code_size grande, un problema similar a CVE-2006-4484.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Adjacent
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-03-18 CVE Reserved
  • 2008-04-02 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-11-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (28)
URL Tag Source
http://secunia.com/advisories/31324 Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0136 X_refsource_confirm
http://www.securityfocus.com/archive/1/490486/100/0/threaded Mailing List
http://www.securityfocus.com/bid/28544 Vdb Entry
http://www.securitytracker.com/id?1019739 Vdb Entry
http://www.vupen.com/english/advisories/2008/1059/references Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41587 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11479 Signature
URL Date SRC
http://www.cups.org/str.php?L2765 2024-08-07
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html 2018-10-11
http://secunia.com/advisories/29573 2018-10-11
http://secunia.com/advisories/29603 2018-10-11
http://secunia.com/advisories/29630 2018-10-11
http://secunia.com/advisories/29634 2018-10-11
http://secunia.com/advisories/29655 2018-10-11
http://secunia.com/advisories/29659 2018-10-11
http://secunia.com/advisories/29661 2018-10-11
http://secunia.com/advisories/29750 2018-10-11
http://security.gentoo.org/glsa/glsa-200804-01.xml 2018-10-11
http://www.debian.org/security/2008/dsa-1625 2018-10-11
http://www.mandriva.com/security/advisories?name=MDVSA-2008:081 2018-10-11
http://www.redhat.com/support/errata/RHSA-2008-0192.html 2018-10-11
http://www.redhat.com/support/errata/RHSA-2008-0206.html 2018-10-11
http://www.ubuntu.com/usn/usn-598-1 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html 2018-10-11
https://access.redhat.com/security/cve/CVE-2008-1373 2008-04-01
https://bugzilla.redhat.com/show_bug.cgi?id=438303 2008-04-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Easy Software Products
Search vendor "Easy Software Products"
 Cups
Search vendor "Easy Software Products" for product "Cups"
 1.3.6
Search vendor "Easy Software Products" for product "Cups" and version "1.3.6"
-
Affected