Launchpad.net

CVE 2009-0163

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.

Related bugs and status

CVE-2009-0163 (Candidate) is related to these bugs:

Bug #357732: cups always prints with the default page size

		In	Importance	Status
357732	cups always prints with the default page size	cups (Ubuntu)	High	Fix Released
357732	cups always prints with the default page size	ghostscript (Ubuntu)	Undecided	Invalid
357732	cups always prints with the default page size	GS-GPL	High	Invalid
357732	cups always prints with the default page size	cups (Ubuntu Jaunty)	High	Fix Released
357732	cups always prints with the default page size	ghostscript (Ubuntu Jaunty)	Undecided	Invalid
357732	cups always prints with the default page size	cups (Ubuntu Intrepid)	Undecided	Invalid
357732	cups always prints with the default page size	ghostscript (Ubuntu Intrepid)	Undecided	Invalid

Bug #361866: FreezeException for cups (CVE-2009-0163)

Summary				In	Importance	Status
	361866	FreezeException for cups (CVE-2009-0163)		cups (Ubuntu)	Medium	Fix Released
	361866	FreezeException for cups (CVE-2009-0163)		cups (Ubuntu Jaunty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.cups.org/ar...
CONFIRM: http://www.cups.org/st...
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-1773
REDHAT: RHSA-2009:0428
REDHAT: RHSA-2009:0429
SUSE: SUSE-SA:2009:024
UBUNTU: USN-760-1
BID: 34571
SECTRACK: 1022070
SECUNIA: 34481
SECUNIA: 34722
SECUNIA: 34852
CONFIRM: http://wiki.rpath.com/...
GENTOO: GLSA-200904-20
SECUNIA: 34756
SECUNIA: 34747
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090417 rPSA-2009-006...