Описание
CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's imagetoraster filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format....
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra/bionic | released | 1.20.2-0ubuntu3.3+esm2 |
| esm-infra/focal | released | 1.27.4-1ubuntu0.4+esm1 |
| esm-infra/xenial | released | 1.8.3-2ubuntu3.5+esm3 |
| jammy | released | 1.28.15-0ubuntu1.5 |
| noble | not-affected | code not present |
| plucky | not-affected | code not present |
| questing | not-affected | code not present |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | pending | 2.1.1-0ubuntu4 |
| jammy | DNE | |
| noble | released | 2.0.0-0ubuntu7.2 |
| plucky | released | 2.1.1-0ubuntu2.1 |
| questing | released | 2.1.1-0ubuntu3.1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
3.7 Low
CVSS3
Связанные уязвимости
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17 and libscupsfilters versions 2.0.0 through 2.1.1, CUPS-Filters's `imagetoraster` filter has an out of bounds read/write vulnerability in the processing of TIFF image files. While the pixel buffer is allocated with the number of pixels times a pre-calculated bytes-per-pixel value, the function which processes these pixels is called with a size of the number of pixels times 3. When suitable inputs are passed, the bytes-per-pixel value can be set to 1 and bytes outside of the buffer bounds get processed. In order to trigger the bug, an attacker must issue a print job with a crafted TIFF file, and pass appropriate print job options to control the bytes-per-pixel value of the output format. Th
CUPS is a standards-based, open-source printing system, and `libcupsfi ...
Уязвимость функции cfFilterImageToRaster сервера печати CUPS, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS
3.7 Low
CVSS3