The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

weakness CVE-2008-1722

CUPS: integer overflows via PNG

Synthesis of the vulnerability

An attacker can print a malicious PNG image in order to generate several integer overflows in CUPS leading to a denial of service or to code execution.
Severity of this alert: 2/4.
Creation date: 15/04/2008.
Références of this alert: BID-28781, CERTA-2002-AVI-189, CERTA-2008-AVI-238, CVE-2008-1722, DSA-1625-1, FEDORA-2008-3449, FEDORA-2008-3586, FEDORA-2008-3756, L2790, MDVSA-2008:170, RHSA-2008:0498-01, VIGILANCE-VUL-7763, VU#218395.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

CUPS (Common UNIX Printing System) provides printers management under Unix. It listens on the 631/udp port, where clients connect.

The filter/image-png.c and filter/image-zoom.c files implement filters to print PNG images. In several places, these files contains memory allocations based on integer multiplications:
  malloc(xsize * ysize);
However, these multiplications can overflow and lead to the allocation of a short memory area. A memory corruption thus occurs when data are copied in these memory areas.

An attacker can therefore print a malicious PNG image in order to generate several integer overflows leading to a denial of service or to code execution on the server where CUPS is installed.
Full Vigil@nce bulletin... (Free trial)

This vulnerability announce impacts software or systems such as CUPS, Debian, Fedora, Mandriva Linux, Mandriva NF, RHEL.

Our Vigil@nce team determined that the severity of this cybersecurity threat is medium.

The trust level is of type confirmed by the editor, with an origin of intranet client.

An attacker with a expert ability can exploit this computer threat bulletin.

Solutions for this threat

CUPS: version 1.3.8.
Version 1.3.8 is corrected:
  http://www.cups.org/

CUPS: patch for PNG.
A patch is available.

Debian: new cupsys packages.
New packages are available:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys*_1.2.7-4etch4_*.deb

Fedora 9: new cups packages.
New packages are available:
  cups-1.3.7-2.fc9

Fedora: new cups packages.
New packages are available:
  cups-1.2.12-11.fc7
  cups-1.3.7-2.fc8

Mandriva: new cups packages.
New packages are available:
Mandriva Linux 2007.1: cups*-1.2.10-2.7mdv2007.1.*.rpm
Mandriva Linux 2008.0: cups*-1.3.6-1.2mdv2008.0.*.rpm
Mandriva Linux 2008.1: cups*-1.3.6-5.1mdv2008.1.*.rpm
Corporate 3.0: cups*-1.1.20-5.18.C30mdk.*.rpm
Corporate 4.0: cups*-1.2.4-0.9.20060mlcs4.*.rpm
Multi Network Firewall 2.0: cups*2-1.1.20-5.18.C30mdk.*.rpm

RHEL 3, 4, 5: new cups packages.
New packages are available:
Red Hat Enterprise Linux version 3: cups-1.1.17-13.3.53
Red Hat Enterprise Linux version 4: cups-1.1.22-0.rc1.9.20.2.el4_6.8
Red Hat Enterprise Linux version 5: cups-1.2.4-11.18.el5_2.1
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a cybersecurity database. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.