Signature Detail

APP: Apple CUPS PNG Filter Overly Large Image Height Integer Overflow

This signature detects attempts to exploit a known vulnerability in the Apple CUPS PNG Filter. A successful attack can lead to a integer overflow and arbitrary remote code execution within the context of the server.

Extended Description

CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers. Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts likely cause denial-of-service conditions. Versions prior to CUPS 1.3.10 are vulnerable.

Affected Products

• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Easy Software Products CUPS 1.1.17
• Easy Software Products CUPS 1.1.18
• Easy Software Products CUPS 1.1.19
• Easy Software Products CUPS 1.1.19 Rc5
• Easy Software Products CUPS 1.1.20
• Easy Software Products CUPS 1.1.21
• Easy Software Products CUPS 1.1.22
• Easy Software Products CUPS 1.1.22 Rc1
• Easy Software Products CUPS 1.1.23
• Easy Software Products CUPS 1.1.23 Rc1
• Easy Software Products CUPS 1.2.10
• Easy Software Products CUPS 1.2.12
• Easy Software Products CUPS 1.2.2
• Easy Software Products CUPS 1.2.4
• Easy Software Products CUPS 1.2.8
• Easy Software Products CUPS 1.2.9
• Easy Software Products CUPS 1.3.2
• Easy Software Products CUPS 1.3.3
• Easy Software Products CUPS 1.3.5
• Easy Software Products CUPS 1.3.6
• Easy Software Products CUPS 1.3.7
• Easy Software Products CUPS 1.3.8
• Easy Software Products CUPS 1.3.9
• Gentoo Linux
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2008.0
• Mandriva Linux Mandrake 2008.0 X86 64
• Mandriva Linux Mandrake 2008.1
• Mandriva Linux Mandrake 2008.1 X86 64
• Mandriva Multi Network Firewall 2.0.0
• Pardus Linux 2008
• Red Hat Desktop 3.0.0
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux WS 3
• rPath Appliance Platform Linux Service 1
• rPath Appliance Platform Linux Service 2
• rPath rPath Linux 1
• rPath rPath Linux 2
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE SUSE Linux Enterprise Desktop 10 SP2
• SuSE SUSE Linux Enterprise Server 10 SP2
• SuSE SUSE Linux Enterprise Server 9
• Ubuntu Ubuntu Linux 6.06 LTS Amd64
• Ubuntu Ubuntu Linux 6.06 LTS I386
• Ubuntu Ubuntu Linux 6.06 LTS Powerpc
• Ubuntu Ubuntu Linux 6.06 LTS Sparc
• Ubuntu Ubuntu Linux 7.10 Amd64
• Ubuntu Ubuntu Linux 7.10 I386
• Ubuntu Ubuntu Linux 7.10 Lpia
• Ubuntu Ubuntu Linux 7.10 Powerpc
• Ubuntu Ubuntu Linux 7.10 Sparc
• Ubuntu Ubuntu Linux 8.04 LTS Amd64
• Ubuntu Ubuntu Linux 8.04 LTS I386
• Ubuntu Ubuntu Linux 8.04 LTS Lpia
• Ubuntu Ubuntu Linux 8.04 LTS Powerpc
• Ubuntu Ubuntu Linux 8.04 LTS Sparc
• Ubuntu Ubuntu Linux 8.10 Amd64
• Ubuntu Ubuntu Linux 8.10 I386
• Ubuntu Ubuntu Linux 8.10 Lpia
• Ubuntu Ubuntu Linux 8.10 Powerpc
• Ubuntu Ubuntu Linux 8.10 Sparc

References

• BugTraq: 32518
• CVE: CVE-2008-5286