Heap-based Buffer Overflow in CUPS Affects Remote Code Execution
CVE-2013-6474

Currently unrated

Key Information:

Vendor: Linux
Status: Cups-filters
Vendor: CVE Published:; 14 March 2014

Summary

A heap-based buffer overflow vulnerability exists in the pdftoopvp filter of the Common UNIX Printing System (CUPS) and its associated cups-filters package before version 1.0.47. This flaw allows remote attackers to craft a malicious PDF file that, when processed, can lead to arbitrary code execution on affected systems. Successful exploitation may grant an attacker unauthorized access and control, making it essential for users to apply the necessary updates promptly.

References

http://www.ubuntu.com/usn/USN-2144-1

vendor-advisoryx_refsource_UBUNTU

http://www.debian.org/security/2014/dsa-2876

vendor-advisoryx_refsource_DEBIAN

https://bugzilla.redhat.com/show_bug.cgi?id=1027548

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 14, 2014
Vulnerability Reserved
Nov 4, 2013