Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubuntu_linux | Canonical | 10.04 (including) | 10.04 (including) |
| Ubuntu_linux | Canonical | 12.04 (including) | 12.04 (including) |
| Ubuntu_linux | Canonical | 12.10 (including) | 12.10 (including) |
| Ubuntu_linux | Canonical | 13.10 (including) | 13.10 (including) |
| Debian_linux | Debian | * | * |
| Fedora | Fedoraproject | * | * |
| Cups | Ubuntu | lucid | * |
| Cups-filters | Ubuntu | devel | * |
| Cups-filters | Ubuntu | precise | * |
| Cups-filters | Ubuntu | quantal | * |
| Cups-filters | Ubuntu | saucy | * |
| Cups-filters | Ubuntu | upstream | * |
References
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66166
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027550
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66166
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027550