U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:cups:1.3.7
There are 44 matching records.
Displaying matches 41 through 44.
Vuln ID Summary CVSS Severity
CVE-2008-3639

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

Published: October 14, 2008; 5:10:35 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3641

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

Published: October 10, 2008; 6:30:03 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-1374

Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.

Published: April 03, 2008; 8:44:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Published: July 30, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM