[Pkg-cups-devel] Bug#535488: Bug#535488: cupsys: CVE-2009-0791 integer overflow vulnerabilities
Michael S. Gilbert
michael.s.gilbert at gmail.com
Sun Jul 12 21:29:40 UTC 2009
reopen 535488
reopen 535489
thanks
On Sat, 11 Jul 2009 17:20:46 +0200 Martin Pitt wrote:
> Hello Michael,
>
> Michael S. Gilbert [2009-07-02 12:35 -0400]:
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for cups.
> >
> > CVE-2009-0791[0]:
> > | Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
> > | 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
> > | (application crash) or possibly execute arbitrary code via a crafted
> > | PDF file that triggers a heap-based buffer overflow, possibly related
> > | to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
> > | JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
> > | JBIG2Stream.cxx vector may overlap CVE-2009-1179.
>
> This vulnerability does not affect cups. Because xpdf vulnerabilities
> are so common, the Debian cups package has used the external
> xpdf-utils or poppler-utils since at least woody.
are you sure about this? i've checked the etch cupsys and lenny cups
packages and found that the pdftops source is indeed present (and the
patches for this are not applied). the only way i see this as not
affected is if these packages do not build the pdftops code. i am not
that familiar with the package, so i did not check whether this is the
case. i've checked the unstable cups package and the pdftops code is
in fact removed there.
mike
More information about the Pkg-cups-devel
mailing list