Buffer overflow in Easy_software_products Cups

CVE-2008-1373

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

Vulnerability class: Buffer Overflow

EPSS: 0.022 (79.9th percentile) — read the EPSS interpretation.

Affected products

Easy_software_products Cups — versions 1.3.6
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vdb-entry, x_refsource_BID)
secalert@redhat.com (vdb-entry, x_refsource_VUPEN)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)