VULHUB ™

iDefense Security Advisory 11.03.08 - Remote exploitation of an integer overflow vulnerability in CUPS, as included in various vendors operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists within the WriteProlog() function in the "texttops" application. When calculating the page size used for storing PostScript data, multiple values that are derived from attacker-controlled content are used in a multiplication operation. This calculation can overflow, resulting in an incorrect result for the total page size. This value is then used to allocate a heap buffer that is later filled with attacker controlled content, resulting in a heap buffer overflow. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.7. Previous versions may also be affected.

iDefense Security Advisory 11.03.08 - Remote exploitation of an integer overflow vulnerability in CUPS, as included in various vendors operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists within the WriteProlog() function in the "texttops" application. When calculating the page size used for storing PostScript data, multiple values that are derived from attacker-controlled content are used in a multiplication operation. This calculation can overflow, resulting in an incorrect result for the total page size. This value is then used to allocate a heap buffer that is later filled with attacker controlled content, resulting in a heap buffer overflow. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.7. Previous versions may also be affected.