CVE-2015-3279 - Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote atta

CVE-2015-3279

Summary

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:linuxfoundation:cups-filters:1.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.22:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.23:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.24:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.25:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.25:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.26:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.26:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.27:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.27:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.28:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.28:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.29:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.29:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.30:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.30:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.31:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.31:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.32:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.32:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.33:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.33:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.34:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.34:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.35:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.35:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.36:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.36:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.37:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.37:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.38:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.38:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.39:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.39:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.40:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.40:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 28-12-2016 - 02:59)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1238990
title	CVE-2015-3279 cups-filters: texttopdf integer overflow

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment cups-filters is earlier than 0:1.0.35-21.el7
oval oval:com.redhat.rhsa:tst:20152360001
comment cups-filters is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141795002

AND

comment cups-filters-devel is earlier than 0:1.0.35-21.el7
oval oval:com.redhat.rhsa:tst:20152360003
comment cups-filters-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141795004

AND

comment cups-filters-libs is earlier than 0:1.0.35-21.el7
oval oval:com.redhat.rhsa:tst:20152360005
comment cups-filters-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141795006

rhsa

id	RHSA-2015:2360
released	2015-11-19
severity	Moderate
title	RHSA-2015:2360: cups-filters security, bug fix, and enhancement update (Moderate)

rpms

cups-filters-0:1.0.35-21.el7
cups-filters-debuginfo-0:1.0.35-21.el7
cups-filters-devel-0:1.0.35-21.el7
cups-filters-libs-0:1.0.35-21.el7

refmap via4

bid	75557
confirm	http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1238990
debian	DSA-3303
gentoo	GLSA-201510-08
mlist	[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters
suse	openSUSE-SU-2015:1244
ubuntu	USN-2659-1

Last major update

28-12-2016 - 02:59

Published

14-07-2015 - 16:59

Last modified

28-12-2016 - 02:59