Heap-based Buffer Overflow in CUPS Filters Affects Print Jobs
CVE-2015-3258

Currently unrated

Key Information:

Vendor: Debian
Status: Debian Linux; Ubuntu Linux
Vendor: CVE Published:; 14 July 2015

Summary

A heap-based buffer overflow vulnerability exists in the WriteProlog function of the texttopdf component in CUPS Filters prior to version 1.0.70. This can be exploited by remote attackers through specially crafted print jobs with small line sizes, potentially leading to a crash of the CUPS service and, in some cases, arbitrary code execution. Users of affected versions are advised to upgrade to mitigate the associated risks.

References

http://ubuntu.com/usn/usn-2659-1

vendor-advisoryx_refsource_UBUNTU

https://security.gentoo.org/glsa/201510-08

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/75436

vdb-entryx_refsource_BID

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 14, 2015
Vulnerability Reserved
Apr 10, 2015