FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cups -- multiple vulnerabilities

Affected packages
		cups-base	<	1.3.9

Details

VuXML ID	ce29ce1d-971a-11dd-ab7e-001c2514716c
Discovery	2008-10-09
Entry	2008-10-10

The release note of cups 1.3.9 reports:

It contains the following fixes:

SECURITY: The HP-GL/2 filter did not range check pen numbers (STR #2911)

SECURITY: The SGI image file reader did not range check 16-bit run lengths (STR #2918)

SECURITY: The text filter did not range check cpi, lpi, or column values (STR #2919)

[source]

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service.

References

CVE Name	CVE-2008-3639
CVE Name	CVE-2008-3640
CVE Name	CVE-2008-3641