Joined: 25 Feb 2003
Location: Essen, Germany
|Posted: Sat Jan 22, 2005 10:17 am Post subject: [ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf cod
|Gentoo Linux Security Advisory
Title: CUPS: Stack overflow in included Xpdf code (GLSA 200501-30)
Date: January 22, 2005
CUPS includes Xpdf code and therefore is vulnerable to the recent stack
overflow issue, potentially resulting in the remote execution of arbitrary
The Common UNIX Printing System (CUPS) is a cross-platform print
spooler. It makes use of Xpdf code to handle PDF files.
Vulnerable: < 1.1.23-r1
Unaffected: >= 1.1.23-r1
Architectures: All supported architectures
The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc
insufficiently checks boundaries when processing /Encrypt /Length tags
in PDF files (GLSA 200501-28).
This issue could be exploited by a remote attacker to execute
arbitrary code by sending a malicious print job to a CUPS spooler.
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1"
Last edited by GLSA on Mon Jun 10, 2013 4:19 am; edited 2 times in total