rpm package
opensuse/cups&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cups&distro=openSUSE%20Tumbleweed
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-2820 | — | | | < 2.1.3-2.3 | 2.1.3-2.3 | Nov 10, 2009 | The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks v |
| CVE-2009-0163 | — | | | < 2.1.3-2.3 | 2.1.3-2.3 | Apr 23, 2009 | Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in |
| CVE-2008-3641 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Oct 10, 2008 | The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. |
| CVE-2008-1693 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Apr 18, 2008 | The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted fo |
| CVE-2008-1722 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Apr 10, 2008 | Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. |
| CVE-2008-0047 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Mar 18, 2008 | Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. |
| CVE-2007-5393 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Nov 8, 2007 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. |
| CVE-2007-4352 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Nov 8, 2007 | Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. |
| CVE-2007-4351 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Oct 31, 2007 | Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. |
| CVE-2007-3387 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Jul 30, 2007 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted |
| CVE-2007-0104 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Jan 9, 2007 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution |
| CVE-2005-3628 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Dec 31, 2005 | Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. |
| CVE-2005-3624 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Dec 31, 2005 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer und |
| CVE-2005-3193 | — | | | < 2.3.3op2-4.2 | 2.3.3op2-4.2 | Dec 7, 2005 | Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a |