Vulnerability Note VU#218395
CUPS integer overflow vulnerability
CUPS contains an integer overflow that may allow a remote attacker to cause a vulnerable system to crash.
The Common Unix Printing System (CUPS) is a print server that is used and distributed by many Unix-like operating systems. CUPS contains an integer overflow vulnerability that occurs in its image processing library.
From the CUPS bug tracker:
img->xsize * img->ysize may overflow (CUPS_IMAGE_MAX_WIDTH and CUPS_IMAGE_MAX_HEIGHT are too big for multiplication).
malloc(img->xsize * img->ysize * 3) can result in a buffer that's too small. Also, the return codes of a lot of the mallocs aren't checked; when a NULL pointer is passed to png_read_row, it may be possible to corrupt memory this way as well. I have a .png that does this.
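The size calculation quoted above, shown beside an overflow-checked version, as an added example (it is not CUPS source code and not part of the bug report). The `image_dims` struct, the 1 GiB `EXAMPLE_MAX_IMAGE_BYTES` cap and the sample dimensions are assumptions constructed for illustration; only `xsize`, `ysize` and the `* 3` come from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumption: stand-in for the image header; only xsize/ysize come from the report. */
typedef struct { uint32_t xsize, ysize; } image_dims;

/* Assumption: policy cap on one decoded image buffer, chosen for this example. */
#define EXAMPLE_MAX_IMAGE_BYTES ((size_t)1 << 30)

/* Size as computed by the reported expression: 32-bit arithmetic wraps modulo 2^32. */
static uint32_t unchecked_rgb_size(const image_dims *img)
{
    return img->xsize * img->ysize * 3u;
}

/* Overflow-safe size: returns 0 and sets *out, or -1 if empty or over the cap. */
static int checked_rgb_size(const image_dims *img, size_t *out)
{
    size_t x = img->xsize, y = img->ysize;

    if (x == 0 || y == 0 || x > EXAMPLE_MAX_IMAGE_BYTES / 3)
        return -1;
    if (y > EXAMPLE_MAX_IMAGE_BYTES / (x * 3))   /* x * 3 cannot wrap: x <= cap / 3 */
        return -1;
    *out = x * 3 * y;
    return 0;
}

/* Allocate the pixel buffer; NULL means "reject the image", never "decode anyway". */
static unsigned char *alloc_rgb(const image_dims *img, size_t *size)
{
    if (checked_rgb_size(img, size) != 0)
        return NULL;
    return malloc(*size);   /* may still be NULL; the caller must test it */
}

int main(void)
{
    image_dims crafted = { 0x10000u, 0x5556u };   /* constructed dimensions */
    size_t n = 0;
    unsigned char *buf = alloc_rgb(&crafted, &n);
    /* Unchecked: 131072 bytes requested for a roughly 4 GiB image. Checked: rejected. */
    int rejected = (buf == NULL) && unchecked_rgb_size(&crafted) == 131072u;
    free(buf);
    return rejected ? 0 : 1;
}
```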
Users who obtain CUPS from their operating system vendor should see the Systems Affected portion of this document for a partial list of affected vendors.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| CUPS, the Common UNIX Printing System | Affected | - | 25 Apr 2008 |
| Gentoo Linux | Affected | 25 Apr 2008 | 30 Apr 2008 |
| Juniper Networks, Inc. | Not Affected | 25 Apr 2008 | 30 Apr 2008 |
| Microsoft Corporation | Not Affected | 25 Apr 2008 | 30 Apr 2008 |
| NetBSD | Not Affected | 25 Apr 2008 | 30 Apr 2008 |
| Apple Computer, Inc. | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| Conectiva Inc. | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| Cray Inc. | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| Debian GNU/Linux | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| EMC Corporation | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| Engarde Secure Linux | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| F5 Networks, Inc. | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| Fedora Project | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| FreeBSD, Inc. | Unknown | 25 Apr 2008 | 25 Apr 2008 |
| Fujitsu | Unknown | 25 Apr 2008 | 25 Apr 2008 |
This document was written by Dean Reges.
- CVE IDs: CVE-2008-1722
- Date Public: 15 Apr 2008
- Date First Published: 25 Apr 2008
- Date Last Updated: 30 Apr 2008
- Severity Metric: 8.33
- Document Revision: 41