Short Name | APP:CUPS:JBIG2-SYMBOLDICTIONARY
Severity | Major
Recommended | No
Recommended Action | Drop
Category | APP
Keywords | CUPS JBIG2 Symbol Dictionary Buffer Overflow
Release Date | 2011/07/21
Update Number | 1959
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
APP: CUPS JBIG2 Symbol Dictionary Buffer Overflow
This signature detects attempts to exploit a known vulnerability in CUPS and Xpdf products. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Extended Description
CUPS and Xpdf are prone to a remote buffer-overflow vulnerability because they fail to properly bounds-check user-supplied input before copying it into a finite-sized buffer.
Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
The following are vulnerable; other applications or versions may also be affected:
- Xpdf 3.02pl2 and earlier
- CUPS 1.3.9 and earlier
NOTE: This vulnerability may already be covered in BID 34568 (Xpdf JBIG2 Processing Multiple Security Vulnerabilities). We will update (or possibly retire) this BID as more information emerges.
Affected Products
- Easy_software_products cups 1.0.4
- Easy_software_products cups 1.0.4 -8
- Easy_software_products cups 1.1.1
- Easy_software_products cups 1.1.10
- Easy_software_products cups 1.1.12
- Easy_software_products cups 1.1.13
- Easy_software_products cups 1.1.14
- Easy_software_products cups 1.1.15
- Easy_software_products cups 1.1.16
- Easy_software_products cups 1.1.17
- Easy_software_products cups 1.1.18
- Easy_software_products cups 1.1.19
- Easy_software_products cups 1.1.19 Rc5
- Easy_software_products cups 1.1.20
- Easy_software_products cups 1.1.21
- Easy_software_products cups 1.1.22
- Easy_software_products cups 1.1.22 Rc1
- Easy_software_products cups 1.1.23
- Easy_software_products cups 1.1.23 Rc1
- Easy_software_products cups 1.1.4
- Easy_software_products cups 1.1.4 -2
- Easy_software_products cups 1.1.4 -3
- Easy_software_products cups 1.1.4 -5
- Easy_software_products cups 1.1.6
- Easy_software_products cups 1.1.7
- Easy_software_products cups 1.2.10
- Easy_software_products cups 1.2.12
- Easy_software_products cups 1.2.2
- Easy_software_products cups 1.2.4
- Easy_software_products cups 1.2.8
- Easy_software_products cups 1.2.9
- Easy_software_products cups 1.3.2
- Easy_software_products cups 1.3.3
- Easy_software_products cups 1.3.5
- Easy_software_products cups 1.3.6
- Easy_software_products cups 1.3.7
- Easy_software_products cups 1.3.8
- Easy_software_products cups 1.3.9
- Gnome gpdf 2.8.2
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2009.0
- Mandriva linux_mandrake 2009.0 X86 64
- Mandriva multi_network_firewall 2.0.0
- Pardus linux_2008
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux Desktop Version 4
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 4
- Red_hat fedora 11
- Ubuntu ubuntu_linux 9.04 Amd64
- Ubuntu ubuntu_linux 9.04 I386
- Ubuntu ubuntu_linux 9.04 Lpia
- Ubuntu ubuntu_linux 9.04 Powerpc
- Ubuntu ubuntu_linux 9.04 Sparc
- Xpdf xpdf 3.0.0 0
- Xpdf xpdf 3.0.0 1
- Xpdf xpdf 3.0.0 1Pl1
- Xpdf xpdf 3.0.0 Pl2
- Xpdf xpdf 3.0.0 Pl3
- Xpdf xpdf 3.01
- Xpdf xpdf 3.0.1 (Patch 2)
- Xpdf xpdf 3.02
- Xpdf xpdf 3.02Pl1
- Xpdf xpdf 3.02Pl2