OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

cups -- stack overflow in included xpdf code

Affected packages
cups < 1.1.23p0

Details

VuXML ID 70857374-6c99-11d9-9b2f-00065bd5b0b6
Discovery 2005-01-18
Entry 2005-01-22

CUPS includes xpdf code and is therefore vulnerable to the recent stack overflow issue, potentially resulting in the remote execution of arbitrary code.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function.
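
The kind of bounds check described above, as an added example in C (not code from CUPS, xpdf or the original advisory): the untrusted /Length value is validated against the 40 to 128 bit range of the PDF standard security handler before it is used as a loop bound over a fixed-size buffer. The function names and the XOR mixing step are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Limits of the PDF standard security handler (RC4): 40..128-bit keys. */
#define MIN_KEY_BITS 40
#define MAX_KEY_BITS 128
#define MAX_KEY_BYTES (MAX_KEY_BITS / 8)

/* Turn the untrusted /Length value (in bits) into a key length in bytes.
 * Returns 0 and sets *out_bytes on success, -1 if the value is out of
 * range or not a whole number of bytes. */
int encrypt_key_bytes(long length_bits, size_t *out_bytes)
{
    if (length_bits < MIN_KEY_BITS || length_bits > MAX_KEY_BITS)
        return -1;
    if (length_bits % 8 != 0)
        return -1;
    *out_bytes = (size_t)(length_bits / 8);
    return 0;
}

/* Hypothetical key-mixing step (not xpdf's code): XORs each key byte with
 * `round` into a fixed-size buffer. The length is validated before the
 * loop, so the loop bound can never exceed the buffer.
 * Returns the number of bytes written, or -1 on rejected input. */
int mix_key(const uint8_t *file_key, size_t file_key_len,
            long length_bits, uint8_t round, uint8_t out[MAX_KEY_BYTES])
{
    uint8_t tmp[MAX_KEY_BYTES];
    size_t n, j;

    if (encrypt_key_bytes(length_bits, &n) != 0)
        return -1;              /* reject instead of trusting the file */
    if (file_key == NULL || file_key_len < n)
        return -1;              /* never read past the source key either */

    for (j = 0; j < n; j++)
        tmp[j] = file_key[j] ^ round;

    memset(out, 0, MAX_KEY_BYTES);
    memcpy(out, tmp, n);
    return (int)n;
}
```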

References

CVE Name CAN-2005-0064
URL http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false