Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:APPLE-CUPS-PNG-FILTER-OF |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Apple CUPS PNG Filter Overly Large Image Height Integer Overflow |
Release Date |
2011/07/26 |
Update Number |
1961 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Apple CUPS PNG Filter Overly Large Image Height Integer Overflow
This signature detects attempts to exploit a known vulnerability in the Apple CUPS PNG Filter. A successful attack can lead to a integer overflow and arbitrary remote code execution within the context of the server.
Extended Description
CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers. Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions. Versions prior to CUPS 1.3.10 are vulnerable.
Affected Products
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Easy_software_products cups 1.1.17
- Easy_software_products cups 1.1.18
- Easy_software_products cups 1.1.19
- Easy_software_products cups 1.1.19 Rc5
- Easy_software_products cups 1.1.20
- Easy_software_products cups 1.1.21
- Easy_software_products cups 1.1.22
- Easy_software_products cups 1.1.22 Rc1
- Easy_software_products cups 1.1.23
- Easy_software_products cups 1.1.23 Rc1
- Easy_software_products cups 1.2.10
- Easy_software_products cups 1.2.12
- Easy_software_products cups 1.2.2
- Easy_software_products cups 1.2.4
- Easy_software_products cups 1.2.8
- Easy_software_products cups 1.2.9
- Easy_software_products cups 1.3.2
- Easy_software_products cups 1.3.3
- Easy_software_products cups 1.3.5
- Easy_software_products cups 1.3.6
- Easy_software_products cups 1.3.7
- Easy_software_products cups 1.3.8
- Easy_software_products cups 1.3.9
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2008.1
- Mandriva linux_mandrake 2008.1 X86 64
- Mandriva multi_network_firewall 2.0.0
- Pardus linux_2008
- Red_hat desktop 3.0.0
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_ws 3
- Rpath appliance_platform_linux_service 1
- Rpath appliance_platform_linux_service 2
- Rpath rpath_linux 1
- Rpath rpath_linux 2
- Suse opensuse 10.3
- Suse opensuse 11.0
- Suse suse_linux_enterprise_desktop 10 SP2
- Suse suse_linux_enterprise_server 10 SP2
- Suse suse_linux_enterprise_server 9
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 7.10 Amd64
- Ubuntu ubuntu_linux 7.10 I386
- Ubuntu ubuntu_linux 7.10 Lpia
- Ubuntu ubuntu_linux 7.10 Powerpc
- Ubuntu ubuntu_linux 7.10 Sparc
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Ubuntu ubuntu_linux 8.10 Amd64
- Ubuntu ubuntu_linux 8.10 I386
- Ubuntu ubuntu_linux 8.10 Lpia
- Ubuntu ubuntu_linux 8.10 Powerpc
- Ubuntu ubuntu_linux 8.10 Sparc
References
- BugTraq: 32518
- CVE: CVE-2008-5286