Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0053

Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.

Published

2008-03-18T23:44:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	cups	≤ 1.3.5	Yes
Application	apple	cups	1.1	Yes
Application	apple	cups	1.1.1	Yes
Application	apple	cups	1.1.2	Yes
Application	apple	cups	1.1.3	Yes
Application	apple	cups	1.1.4	Yes
Application	apple	cups	1.1.5	Yes
Application	apple	cups	1.1.5-1	Yes
Application	apple	cups	1.1.5-2	Yes
Application	apple	cups	1.1.6	Yes
Application	apple	cups	1.1.6-1	Yes
Application	apple	cups	1.1.6-2	Yes
Application	apple	cups	1.1.6-3	Yes
Application	apple	cups	1.1.7	Yes
Application	apple	cups	1.1.8	Yes
Application	apple	cups	1.1.9	Yes
Application	apple	cups	1.1.9-1	Yes
Application	apple	cups	1.1.10	Yes
Application	apple	cups	1.1.10-1	Yes
Application	apple	cups	1.1.11	Yes
Application	apple	cups	1.1.12	Yes
Application	apple	cups	1.1.13	Yes
Application	apple	cups	1.1.14	Yes
Application	apple	cups	1.1.15	Yes
Application	apple	cups	1.1.16	Yes
Application	apple	cups	1.1.17	Yes
Application	apple	cups	1.1.18	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.19	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.20	Yes
Application	apple	cups	1.1.21	Yes
Application	apple	cups	1.1.21	Yes
Application	apple	cups	1.1.21	Yes
Application	apple	cups	1.1.22	Yes
Application	apple	cups	1.1.22	Yes
Application	apple	cups	1.1.22	Yes
Application	apple	cups	1.1.23	Yes
Application	apple	cups	1.1.23	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2	Yes
Application	apple	cups	1.2.0	Yes
Application	apple	cups	1.2.1	Yes
Application	apple	cups	1.2.2	Yes
Application	apple	cups	1.2.3	Yes
Application	apple	cups	1.2.4	Yes
Application	apple	cups	1.2.5	Yes
Application	apple	cups	1.2.6	Yes
Application	apple	cups	1.2.7	Yes
Application	apple	cups	1.2.8	Yes
Application	apple	cups	1.2.9	Yes
Application	apple	cups	1.2.10	Yes
Application	apple	cups	1.2.11	Yes
Application	apple	cups	1.2.12	Yes
Application	apple	cups	1.3	Yes
Application	apple	cups	1.3	Yes
Application	apple	cups	1.3	Yes
Application	apple	cups	1.3.0	Yes
Application	apple	cups	1.3.1	Yes
Application	apple	cups	1.3.2	Yes
Application	apple	cups	1.3.3	Yes
Application	apple	cups	1.3.4	Yes
Application	apple	cups	1.3.9	Yes
Application	apple	cups	1.4.1	Yes

References

http://docs.info.apple.com/article.html?artnum=307562 ([email protected])
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Patch ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html ([email protected])
http://secunia.com/advisories/29420 Vendor Advisory ([email protected])
http://secunia.com/advisories/29573 Vendor Advisory ([email protected])
http://secunia.com/advisories/29603 Vendor Advisory ([email protected])
http://secunia.com/advisories/29630 Vendor Advisory ([email protected])
http://secunia.com/advisories/29634 Vendor Advisory ([email protected])
http://secunia.com/advisories/29655 Vendor Advisory ([email protected])
http://secunia.com/advisories/29659 Vendor Advisory ([email protected])
http://secunia.com/advisories/29750 Vendor Advisory ([email protected])
http://secunia.com/advisories/31324 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200804-01.xml ([email protected])
http://www.debian.org/security/2008/dsa-1625 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:081 ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0192.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0206.html ([email protected])
http://www.securityfocus.com/bid/28304 ([email protected])
http://www.securityfocus.com/bid/28334 ([email protected])
http://www.securitytracker.com/id?1019672 ([email protected])
http://www.ubuntu.com/usn/usn-598-1 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA08-079A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2008/0924/references Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/41272 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10356 ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html ([email protected])
http://docs.info.apple.com/article.html?artnum=307562 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29420 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29573 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29603 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29630 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29634 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29655 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29659 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29750 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31324 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200804-01.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1625 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:081 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0192.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0206.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28304 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28334 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1019672 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-598-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA08-079A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0924/references Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41272 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10356 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html (af854a3a-2127-422b-91ae-364da2661108)