What is CVE-2013-6474?

CVE-2013-6474 is a vulnerability in Linuxfoundation Cups-filters, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-03-14.

Is CVE-2013-6474 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Linuxfoundation Cups-filters

CVE-2013-6474

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

Vulnerability class: Buffer Overflow

EPSS: 0.142 (94.5th percentile) — read the EPSS interpretation.

Affected products

Linuxfoundation Cups-filters — versions 1.0, 1.0.1, 1.0.2
Canonical Ubuntu_linux — versions 10.04, 12.04, 12.10
Debian Debian_linux
Fedoraproject Fedora
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

USN-2144-1 (x_refsource_UBUNTU, vendor-advisory)
DSA-2876 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
USN-2143-1 (x_refsource_UBUNTU, vendor-advisory)
DSA-2875 (vendor-advisory, x_refsource_DEBIAN)
66163 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2013-6474?: CVE-2013-6474 is a vulnerability in Linuxfoundation Cups-filters, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-03-14.
Is CVE-2013-6474 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.