CVE-2014-9679
cups: cupsRasterReadPixels buffer overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
Desbordamiento de enteros en la función cupsRasterReadPixels en filter/raster.c en CUPS anterior a 2.0.2 permite a atacantes remotos tener un impacto no especificado a través de un fichero de raster comprimido malformado, lo que provoca un desbordamiento de buffer.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash.
Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-12 CVE Reserved
- 2015-02-19 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2015-0067.html | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2015/02/10/15 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/02/12/12 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/72594 | Third Party Advisory | |
| http://www.securitytracker.com/id/1031776 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | lts |
Safe
|
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Safe
|
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Safe
|
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Safe
|
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 20 Search vendor "Fedoraproject" for product "Fedora" and version "20" | - |
Safe
|
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 21 Search vendor "Fedoraproject" for product "Fedora" and version "21" | - |
Safe
|
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Safe
|
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 2.0.1 Search vendor "Apple" for product "Cups" and version " <= 2.0.1" | - |
Affected
| in | Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Safe
|