6.8

CVE-2009-0163

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleCups Version <= 1.3.9
AppleCups Version1.1
AppleCups Version1.1.1
AppleCups Version1.1.2
AppleCups Version1.1.3
AppleCups Version1.1.4
AppleCups Version1.1.5
AppleCups Version1.1.5-1
AppleCups Version1.1.5-2
AppleCups Version1.1.6
AppleCups Version1.1.6-1
AppleCups Version1.1.6-2
AppleCups Version1.1.6-3
AppleCups Version1.1.7
AppleCups Version1.1.8
AppleCups Version1.1.9
AppleCups Version1.1.9-1
AppleCups Version1.1.10
AppleCups Version1.1.10-1
AppleCups Version1.1.11
AppleCups Version1.1.12
AppleCups Version1.1.13
AppleCups Version1.1.14
AppleCups Version1.1.15
AppleCups Version1.1.16
AppleCups Version1.1.17
AppleCups Version1.1.18
AppleCups Version1.1.19
AppleCups Version1.1.19 Updaterc1
AppleCups Version1.1.19 Updaterc2
AppleCups Version1.1.19 Updaterc3
AppleCups Version1.1.19 Updaterc4
AppleCups Version1.1.19 Updaterc5
AppleCups Version1.1.20
AppleCups Version1.1.20 Updaterc1
AppleCups Version1.1.20 Updaterc2
AppleCups Version1.1.20 Updaterc3
AppleCups Version1.1.20 Updaterc4
AppleCups Version1.1.20 Updaterc5
AppleCups Version1.1.20 Updaterc6
AppleCups Version1.1.21
AppleCups Version1.1.21 Updaterc1
AppleCups Version1.1.21 Updaterc2
AppleCups Version1.1.22
AppleCups Version1.1.22 Updaterc1
AppleCups Version1.1.22 Updaterc2
AppleCups Version1.1.23
AppleCups Version1.1.23 Updaterc1
AppleCups Version1.2 Updateb1
AppleCups Version1.2 Updateb2
AppleCups Version1.2 Updaterc1
AppleCups Version1.2 Updaterc2
AppleCups Version1.2 Updaterc3
AppleCups Version1.2.0
AppleCups Version1.2.1
AppleCups Version1.2.2
AppleCups Version1.2.3
AppleCups Version1.2.4
AppleCups Version1.2.5
AppleCups Version1.2.6
AppleCups Version1.2.7
AppleCups Version1.2.8
AppleCups Version1.2.9
AppleCups Version1.2.10
AppleCups Version1.2.11
AppleCups Version1.2.12
AppleCups Version1.3 Updateb1
AppleCups Version1.3 Updaterc1
AppleCups Version1.3 Updaterc2
AppleCups Version1.3.0
AppleCups Version1.3.1
AppleCups Version1.3.2
AppleCups Version1.3.3
AppleCups Version1.3.4
AppleCups Version1.3.5
AppleCups Version1.3.6
AppleCups Version1.3.7
AppleCups Version1.3.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.25% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
http://secunia.com/advisories/34481
Vendor Advisory
http://secunia.com/advisories/34756
Vendor Advisory
http://secunia.com/advisories/34852
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://wiki.rpath.com/Advisories:rPSA-2009-0061
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.securityfocus.com/archive/1/502750/100/0/threaded
http://secunia.com/advisories/34722
Vendor Advisory
http://secunia.com/advisories/34747
Vendor Advisory
http://www.cups.org/articles.php?L582
http://www.cups.org/str.php?L3031
http://www.debian.org/security/2009/dsa-1773
http://www.redhat.com/support/errata/RHSA-2009-0428.html
http://www.securityfocus.com/bid/34571
http://www.securitytracker.com/id?1022070
http://www.ubuntu.com/usn/usn-760-1
https://bugzilla.redhat.com/show_bug.cgi?id=490596
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546