In association with heise online

15 April 2008, 19:21

CUPS trips up on crafted PNG images

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

When confronted with crafted PNG images, an integer overflow may occur in the current 1.3.7 version of the CUPS Unix printing service. This could result in a buffer overflow that would potentially allow an attacker to infiltrate and execute code from within the local network. Older versions are probably also affected.

The vulnerability results from a failure to check multiplication for overflow in the file filter/image-png.c, which calculates how much memory to reserve based on the image's X and Y values. An overflow during multiplication could result in insufficient memory being reserved.

So far, no update has been released, although the developers have already fixed the problem in the subversion repository. Those who compile the source themselves can download, compile and install the latest binaries. Linux distributors are likely to backport the patch to the current versions and offer updated packages, which administrators should install. Until the updates are available, access to shared printers on CUPS should be restricted to trusted machines.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-736106
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit