National Cyber-Alert System

Vulnerability Summary for CVE-2008-3640

Overview

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 31690

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/31690

External Source: FEDORA

Name: FEDORA-2008-8844

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html

External Source: FEDORA

Name: FEDORA-2008-8801

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html

External Source: XF

Name: cups-writeprolog-bo(45790)

Hyperlink:http://xforce.iss.net/xforce/xfdb/45790

External Source: VUPEN

Name: ADV-2009-1568

Hyperlink:http://www.vupen.com/english/advisories/2009/1568

External Source: UBUNTU

Name: USN-656-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-656-1

External Source: SECTRACK

Name: 1021034

Hyperlink:http://www.securitytracker.com/id?1021034

External Source: REDHAT

Name: RHSA-2008:0937

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0937.html

External Source: MANDRIVA

Name: MDVSA-2008:211

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:211

External Source: GENTOO

Name: GLSA-200812-11

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml

External Source: VUPEN

Name: ADV-2008-3401

Hyperlink:http://www.frsirt.com/english/advisories/2008/3401

External Source: VUPEN

Name: ADV-2008-2782

Type: Advisory

Hyperlink:http://www.frsirt.com/english/advisories/2008/2782

External Source: DEBIAN

Name: DSA-1656

Hyperlink:http://www.debian.org/security/2008/dsa-1656

External Source: CONFIRM

Name: http://www.cups.org/str.php?L2919

Hyperlink:http://www.cups.org/str.php?L2919

External Source: CONFIRM

Name: http://www.cups.org/articles.php?L575

Hyperlink:http://www.cups.org/articles.php?L575

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm

External Source: SUNALERT

Name: 261088

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1

External Source: SECUNIA

Name: 33111

Hyperlink:http://secunia.com/advisories/33111

External Source: SECUNIA

Name: 33085

Hyperlink:http://secunia.com/advisories/33085

External Source: SECUNIA

Name: 32316

Type: Advisory

Hyperlink:http://secunia.com/advisories/32316

External Source: SECUNIA

Name: 32292

Type: Advisory

Hyperlink:http://secunia.com/advisories/32292

External Source: SECUNIA

Name: 32284

Type: Advisory

Hyperlink:http://secunia.com/advisories/32284

External Source: SECUNIA

Name: 32226

Type: Advisory

Hyperlink:http://secunia.com/advisories/32226

External Source: SECUNIA

Name: 32084

Type: Advisory

Hyperlink:http://secunia.com/advisories/32084

External Source: SUSE

Name: SUSE-SR:2008:021

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

External Source: IDEFENSE

Name: 20081009 Multiple Vendor CUPS texttops Integer Overflow Vulnerability

Hyperlink:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=752