FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0163

This CVE name corresponds to:

Entered     Topic
2009-05-07  cups -- remote code execution and DNS rebinding

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2009-0163
Phase  Assigned(20090116)

Description

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.

References

Source    Reference
BUGTRAQ   20090417 rPSA-2009-0061-1 cups
CONFIRM   http://www.cups.org/articles.php?L582
CONFIRM   http://www.cups.org/str.php?L3031
CONFIRM   https://bugzilla.redhat.com/show_bug.cgi?id=490596
CONFIRM   http://wiki.rpath.com/Advisories:rPSA-2009-0061
DEBIAN    DSA-1773
GENTOO    GLSA-200904-20
REDHAT    RHSA-2009:0428
REDHAT    RHSA-2009:0429
SUSE      SUSE-SA:2009:024
UBUNTU    USN-760-1
BID       34571
OVAL      oval:org.mitre.oval:def:11546
SECTRACK  1022070
SECUNIA   34481
SECUNIA   34722
SECUNIA   34852
SECUNIA   34756
SECUNIA   34747