CVE-2015-3258
cups-filters: texttopdf heap-based buffer overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
Desbordamiento del buffer basado en memoria dinámica en la función WriteProlog en filter/texttopdf.c en texttopdf en cups-filters antes del 1.0.70, que permite a atacantes remotos provocar una denegación de servcio (colapso) o la posibilidad de ejecutar código arbitrario a través de una línea larga que contiene caracteres anchos en una tarea de impresión.
A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user.
The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use these flaws to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-10 CVE Reserved
- 2015-07-07 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2015/06/26/4 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/75436 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html | 2023-02-12 | |
| http://rhn.redhat.com/errata/RHSA-2015-2360.html | 2023-02-12 | |
| http://ubuntu.com/usn/usn-2659-1 | 2023-02-12 | |
| http://www.debian.org/security/2015/dsa-3303 | 2023-02-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1235385 | 2015-11-19 | |
| https://security.gentoo.org/glsa/201510-08 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2015-3258 | 2015-11-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.1 Search vendor "Debian" for product "Debian Linux" and version "7.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Linuxfoundation Search vendor "Linuxfoundation" | Cups-filters Search vendor "Linuxfoundation" for product "Cups-filters" | <= 1.0.70 Search vendor "Linuxfoundation" for product "Cups-filters" and version " <= 1.0.70" | - |
Affected
| ||||||