Integer Overflow in CUPS Product Affects Image Processing Capabilities
CVE-2009-0163

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 23 April 2009

Summary

An integer overflow vulnerability exists in the TIFF image decoding routines of CUPS versions 1.3.9 and earlier. This flaw can be exploited by remote attackers to trigger a denial of service through a crafted TIFF image. The flawed handling of the image within the _cupsImageReadTIFF function in the imagetops filter and the imagetoraster filter may lead to a heap-based buffer overflow, potentially allowing attackers to execute arbitrary code, impacting system integrity and availability.

References

http://security.gentoo.org/glsa/glsa-200904-20.xml

vendor-advisoryx_refsource_GENTOO

http://www.cups.org/articles.php?L582

x_refsource_CONFIRM

http://www.ubuntu.com/usn/usn-760-1

vendor-advisoryx_refsource_UBUNTU

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 23, 2009
Vulnerability Reserved
Jan 16, 2009