漏洞信息详情
CUPS PNG _cupsImageReadPNG()函数整数溢出漏洞
漏洞简介
Common Unix Printing System(CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。
CUPS PNG过滤器的_cupsImageReadPNG()函数中执行了以下计算:
bufsize = img->xsize * img->ysize * 3;
if ((bufsize / (img->ysize * 3)) != img->xsize)
{
fprintf(stderr, \"DEBUG: PNG image dimensions (\\%ux\\%u) too large!\n\",
(unsigned)width, (unsigned)height);
fclose(fp);
return (1);
}
验证代码的img->ysize * 3可能会出现整数溢出,导致执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www.debian.org/security/2008/dsa-1677
http://www.cups.org/strfiles/2974/str2974.patch
参考网址
来源: BID
名称: 32518
链接:http://www.securityfocus.com/bid/32518
来源: CONFIRM
名称: http://www.cups.org/str.php?L2974
; Patch Information
链接:http://www.cups.org/str.php?L2974
来源: XF
名称: cups-cupsimagereadpng-overflow(46933)
链接:http://xforce.iss.net/xforce/xfdb/46933
来源: SECTRACK
名称: 1021298
链接:http://www.securitytracker.com/id?1021298
来源: REDHAT
名称: RHSA-2008:1028
链接:http://www.redhat.com/support/errata/RHSA-2008-1028.html
来源: MLIST
名称: [oss-security] 20081201 (sort of urgent) CVE Request -- cups (repost)
链接:http://www.openwall.com/lists/oss-security/2008/12/01/1
来源: MANDRIVA
名称: MDVSA-2009:029
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:029
来源: MANDRIVA
名称: MDVSA-2009:028
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:028
来源: GENTOO
名称: GLSA-200812-11
链接:http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
来源: GENTOO
名称: GLSA-200812-01
链接:http://www.gentoo.org/security/en/glsa/glsa-200812-01.xml
来源: VUPEN
名称: ADV-2008-3315
链接:http://www.frsirt.com/english/advisories/2008/3315
来源: DEBIAN
名称: DSA-1677
链接:http://www.debian.org/security/2008/dsa-1677
来源: CONFIRM
名称: http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
链接:http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
来源: SECUNIA
名称: 33568
链接:http://secunia.com/advisories/33568
来源: SECUNIA
名称: 33111
链接:http://secunia.com/advisories/33111
来源: SECUNIA
名称: 33101
链接:http://secunia.com/advisories/33101
来源: SECUNIA
名称: 32962
链接:http://secunia.com/advisories/32962
来源: SUSE
名称: SUSE-SR:2009:002
链接:http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
受影响实体
- Apple Cups:1.3:Rc1<!--2000-1-1-->
- Apple Cups:1.1.20:Rc4<!--2000-1-1-->
- Apple Cups:1.1.20:Rc3<!--2000-1-1-->
- Apple Cups:1.1.19:Rc4<!--2000-1-1-->
- Apple Cups:1.1.19:Rc5<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...