Secunia

Some vulnerabilities have been reported in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system.

1) Two boundary errors exist in the implementation of the HP-GL/2 filter. These can be exploited to cause buffer overflows via HP-GL/2 files containing overly large pen numbers.

2) A boundary error exists within the "read_rle16()" function when processing SGI (Silicon Graphics Image) files. This can be exploited to cause a heap-based buffer overflow via a specially crafted SGI file.

3) An integer overflow error exists within the "WriteProlog()" function included in the "texttops" utility. This can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 1.3.9.

Solution
Update to version 1.3.9.

Provided and/or discovered by
1) regenrecht, reported via ZDI
2, 3) regenrecht, reported via iDefense

Changelog
Further details available in Customer Area

Original Advisory
CUPS:
http://www.cups.org/relnotes.php#010123
http://www.cups.org/str.php?L2911
http://www.cups.org/str.php?L2918
http://www.cups.org/str.php?L2919

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-067/

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=752
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753

Deep Links
Links available in Customer Area