Vulnerability Name:

CVE-2008-5286 (CCN-46933)

Assigned:2008-10-16
Published:2008-10-16
Updated:2017-09-29
Summary:Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-5286

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:002

Source: CCN
Type: RHSA-2008-1028
Moderate: cups security update

Source: SECUNIA
Type: UNKNOWN
32962

Source: SECUNIA
Type: UNKNOWN
33101

Source: SECUNIA
Type: UNKNOWN
33111

Source: SECUNIA
Type: UNKNOWN
33568

Source: CCN
Type: SECTRACK ID: 1021298
CUPS Integer Overflow in _cupsImageReadPNG() Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-494
cups security update (RHSA-2008-1028)

Source: CCN
Type: Easy Software Products Web site
CHANGES IN CUPS V1.3.10

Source: CONFIRM
Type: UNKNOWN
http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt

Source: CCN
Type: CUPS STR #2974
potential int overflow in _cupsImageReadPNG()

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.cups.org/str.php?L2974

Source: DEBIAN
Type: UNKNOWN
DSA-1677

Source: DEBIAN
Type: DSA-1677
cupsys -- integer overflow

Source: GENTOO
Type: UNKNOWN
GLSA-200812-01

Source: CCN
Type: GLSA-200812-11
CUPS: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200812-11

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:028

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:029

Source: MLIST
Type: UNKNOWN
[oss-security] 20081201 (sort of urgent) CVE Request -- cups (repost)

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1028

Source: BID
Type: Patch
32518

Source: CCN
Type: BID-32518
CUPS PNG Filter '_cupsImageReadPNG()' Integer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021298

Source: CCN
Type: USN-707-1
CUPS vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2008-3315

Source: XF
Type: UNKNOWN
cups-cupsimagereadpng-overflow(46933)

Source: XF
Type: UNKNOWN
cups-cupsimagereadpng-overflow(46933)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10058

Source: SUSE
Type: SUSE-SR:2009:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:cups:1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:b1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:b2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:b1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.9:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.19_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.20_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.21_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.21_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.22_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.23:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.23_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:easy_software_products:cups:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:b1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:cups:1.3.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20085286
    V
    		CVE-2008-5286
    2015-11-16
    oval:org.mitre.oval:def:13871
    P
    		USN-707-1 -- cups, cupsys vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20149
    P
    		DSA-1677-1 cupsys - arbitrary code execution
    2014-06-23
    oval:org.mitre.oval:def:8231
    P
    		DSA-1677 cupsys -- integer overflow
    2014-06-23
    oval:org.mitre.oval:def:10058
    V
    		Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
    2013-04-29
    oval:com.redhat.rhsa:def:20081028
    P
    		RHSA-2008:1028: cups security update (Moderate)
    2008-12-15
    oval:org.debian:def:1677
    V
    		integer overflow
    2008-12-02
    BACK
    apple cups 1.1.17
    apple cups 1.1.18
    apple cups 1.1.19
    apple cups 1.1.19 rc1
    apple cups 1.1.19 rc2
    apple cups 1.1.19 rc3
    apple cups 1.1.19 rc4
    apple cups 1.1.19 rc5
    apple cups 1.1.20
    apple cups 1.1.20 rc1
    apple cups 1.1.20 rc2
    apple cups 1.1.20 rc3
    apple cups 1.1.20 rc4
    apple cups 1.1.20 rc5
    apple cups 1.1.20 rc6
    apple cups 1.1.21
    apple cups 1.1.21 rc1
    apple cups 1.1.21 rc2
    apple cups 1.1.22
    apple cups 1.1.22 rc1
    apple cups 1.1.22 rc2
    apple cups 1.1.23
    apple cups 1.1.23 rc1
    apple cups 1.2 b1
    apple cups 1.2 b2
    apple cups 1.2 rc1
    apple cups 1.2 rc2
    apple cups 1.2 rc3
    apple cups 1.2.0
    apple cups 1.2.1
    apple cups 1.2.2
    apple cups 1.2.3
    apple cups 1.2.4
    apple cups 1.2.5
    apple cups 1.2.6
    apple cups 1.2.7
    apple cups 1.2.8
    apple cups 1.2.9
    apple cups 1.2.10
    apple cups 1.2.11
    apple cups 1.2.12
    apple cups 1.3 b1
    apple cups 1.3 rc1
    apple cups 1.3 rc2
    apple cups 1.3.0
    apple cups 1.3.1
    apple cups 1.3.2
    apple cups 1.3.3
    apple cups 1.3.4
    apple cups 1.3.5
    apple cups 1.3.6
    apple cups 1.3.7
    apple cups 1.3.8
    apple cups 1.3.9
    easy_software_products cups 1.1.4
    easy_software_products cups 1.1.19
    easy_software_products cups 1.1.22
    easy_software_products cups 1.1.21
    apple cups 1.3.3
    apple cups 1.3.5
    apple cups 1.3.6
    apple cups 1.3.7
    easy_software_products cups 1.1
    easy_software_products cups 1.1.1
    easy_software_products cups 1.1.10
    easy_software_products cups 1.1.11
    easy_software_products cups 1.1.12
    easy_software_products cups 1.1.13
    easy_software_products cups 1.1.14
    easy_software_products cups 1.1.15
    easy_software_products cups 1.1.16
    easy_software_products cups 1.1.17
    easy_software_products cups 1.1.18
    easy_software_products cups 1.1.19_rc5
    easy_software_products cups 1.1.19_rc1
    easy_software_products cups 1.1.19_rc2
    easy_software_products cups 1.1.19_rc3
    easy_software_products cups 1.1.19_rc4
    easy_software_products cups 1.1.2
    easy_software_products cups 1.1.20
    easy_software_products cups 1.1.20_rc1
    easy_software_products cups 1.1.20_rc2
    easy_software_products cups 1.1.20_rc3
    easy_software_products cups 1.1.20_rc4
    easy_software_products cups 1.1.20_rc5
    easy_software_products cups 1.1.20_rc6
    easy_software_products cups 1.1.21_rc1
    easy_software_products cups 1.1.21_rc2
    easy_software_products cups 1.1.22_rc1
    easy_software_products cups 1.1.22_rc2
    easy_software_products cups 1.1.23
    easy_software_products cups 1.1.23_rc1
    easy_software_products cups 1.1.3
    easy_software_products cups 1.1.5
    easy_software_products cups 1.1.6
    easy_software_products cups 1.1.7
    easy_software_products cups 1.1.8
    easy_software_products cups 1.1.9
    easy_software_products cups 1.2.10
    easy_software_products cups 1.2.9
    apple cups 1.3.8
    easy_software_products cups 1.2.12
    easy_software_products cups 1.2.4
    apple cups 1.3.0
    apple cups 1.3.1
    apple cups 1.3.2
    apple cups 1.3 b1
    apple cups 1.3 rc1
    apple cups 1.3 rc2
    apple cups 1.3.4
    apple cups 1.3.9
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04