7.5

CVE-2008-3639

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleCups Version <= 1.3.8
AppleCups Version1.1
AppleCups Version1.1.1
AppleCups Version1.1.2
AppleCups Version1.1.3
AppleCups Version1.1.4
AppleCups Version1.1.5
AppleCups Version1.1.5-1
AppleCups Version1.1.5-2
AppleCups Version1.1.6
AppleCups Version1.1.6-1
AppleCups Version1.1.6-2
AppleCups Version1.1.6-3
AppleCups Version1.1.7
AppleCups Version1.1.8
AppleCups Version1.1.9
AppleCups Version1.1.9-1
AppleCups Version1.1.10
AppleCups Version1.1.10-1
AppleCups Version1.1.11
AppleCups Version1.1.12
AppleCups Version1.1.13
AppleCups Version1.1.14
AppleCups Version1.1.15
AppleCups Version1.1.16
AppleCups Version1.1.17
AppleCups Version1.1.18
AppleCups Version1.1.19
AppleCups Version1.1.19 Updaterc1
AppleCups Version1.1.19 Updaterc2
AppleCups Version1.1.19 Updaterc3
AppleCups Version1.1.19 Updaterc4
AppleCups Version1.1.19 Updaterc5
AppleCups Version1.1.20
AppleCups Version1.1.20 Updaterc1
AppleCups Version1.1.20 Updaterc2
AppleCups Version1.1.20 Updaterc3
AppleCups Version1.1.20 Updaterc4
AppleCups Version1.1.20 Updaterc5
AppleCups Version1.1.20 Updaterc6
AppleCups Version1.1.21
AppleCups Version1.1.21 Updaterc1
AppleCups Version1.1.21 Updaterc2
AppleCups Version1.1.22
AppleCups Version1.1.22 Updaterc1
AppleCups Version1.1.22 Updaterc2
AppleCups Version1.1.23
AppleCups Version1.1.23 Updaterc1
AppleCups Version1.2 Updateb1
AppleCups Version1.2 Updateb2
AppleCups Version1.2 Updaterc1
AppleCups Version1.2 Updaterc2
AppleCups Version1.2 Updaterc3
AppleCups Version1.2.0
AppleCups Version1.2.1
AppleCups Version1.2.2
AppleCups Version1.2.3
AppleCups Version1.2.4
AppleCups Version1.2.5
AppleCups Version1.2.6
AppleCups Version1.2.7
AppleCups Version1.2.8
AppleCups Version1.2.9
AppleCups Version1.2.10
AppleCups Version1.2.11
AppleCups Version1.2.12
AppleCups Version1.3 Updateb1
AppleCups Version1.3 Updaterc1
AppleCups Version1.3 Updaterc2
AppleCups Version1.3.0
AppleCups Version1.3.1
AppleCups Version1.3.2
AppleCups Version1.3.3
AppleCups Version1.3.4
AppleCups Version1.3.5
AppleCups Version1.3.6
AppleCups Version1.3.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.4% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/32292
Vendor Advisory
https://usn.ubuntu.com/656-1/
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
http://secunia.com/advisories/32316
Vendor Advisory
http://secunia.com/advisories/32084
Vendor Advisory
http://secunia.com/advisories/32226
Vendor Advisory
http://secunia.com/advisories/32284
Vendor Advisory
http://secunia.com/advisories/32331
http://secunia.com/advisories/33085
http://secunia.com/advisories/33111
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
http://www.cups.org/articles.php?L575
http://www.debian.org/security/2008/dsa-1656
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
http://www.redhat.com/support/errata/RHSA-2008-0937.html
http://www.vupen.com/english/advisories/2008/2782
http://www.vupen.com/english/advisories/2008/3401
http://www.vupen.com/english/advisories/2009/1568
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753
http://www.cups.org/str.php?L2918
Vendor Advisory
http://www.securityfocus.com/bid/31690
http://www.securitytracker.com/id?1021033
https://exchange.xforce.ibmcloud.com/vulnerabilities/45789
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464