MidnightBSD

Advisories for easy_software_products

CVE-2001-0194 HIGH

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups *

CVE-2001-1332 HIGH

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups *

CVE-2001-1333 LOW

Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups *

CVE-2002-0063 HIGH

Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups *

CVE-2002-1366 MEDIUM

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
apple mac_os_x 10.2
easy_software_products cups 1.0.4
apple mac_os_x 10.2.2
easy_software_products cups 1.1.10
easy_software_products cups 1.1.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7
easy_software_products cups 1.1.14

CVE-2002-1367 HIGH

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
apple mac_os_x 10.2
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.0.4
apple mac_os_x 10.2.2
easy_software_products cups 1.1.10
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7

CVE-2002-1368 HIGH

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
apple mac_os_x 10.2
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.0.4
apple mac_os_x 10.2.2
easy_software_products cups 1.1.10
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7

CVE-2002-1369 HIGH

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
apple mac_os_x 10.2
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.0.4
apple mac_os_x 10.2.2
easy_software_products cups 1.1.10
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7

CVE-2002-1371 HIGH

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
apple mac_os_x 10.2
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.0.4
apple mac_os_x 10.2.2
easy_software_products cups 1.1.10
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7

CVE-2002-1383 HIGH

Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
apple mac_os_x 10.2
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.0.4
apple mac_os_x 10.2.2
easy_software_products cups 1.1.10
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7

CVE-2002-1384 HIGH

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
xpdf xpdf 2.1
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.4_5
xpdf xpdf 2.0
easy_software_products cups 1.1.4
xpdf xpdf 0.91
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
xpdf xpdf 1.0
xpdf xpdf 1.1
xpdf xpdf 0.90
easy_software_products cups 1.0.4
easy_software_products cups 1.1.10
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7
xpdf xpdf 1.0a

CVE-2003-0788 MEDIUM

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.1.13
easy_software_products cups 1.0.4_8
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
easy_software_products cups 1.1.18
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.0.4
easy_software_products cups 1.1.12
easy_software_products cups 1.1.10
easy_software_products cups 1.1.6
easy_software_products cups 1.1.7
easy_software_products cups 1.1.16

CVE-2004-0558 MEDIUM

The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups *

CVE-2004-0888 HIGH

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.20
redhat enterprise_linux_desktop 3.0
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
kde koffice 1.3
xpdf xpdf 2.0
kde koffice 1.3_beta1
easy_software_products cups 1.1.19
suse suse_linux 9.2
redhat fedora_core core_2.0
gnome gpdf 0.131
kde koffice 1.3_beta3
kde kde 3.2.2
easy_software_products cups 1.0.4
suse suse_linux 9.0
xpdf xpdf 0.92
ubuntu ubuntu_linux 4.1
xpdf xpdf 3.0
easy_software_products cups 1.1.6
xpdf xpdf 1.0a
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
kde koffice 1.3.1
easy_software_products cups 1.0.4_8
gentoo linux *
easy_software_products cups 1.1.18
kde kde 3.2
pdftohtml pdftohtml 0.35
xpdf xpdf 0.90
easy_software_products cups 1.1.10
kde koffice 1.3.2
easy_software_products cups 1.1.7
kde kde 3.3
tetex tetex 2.0
easy_software_products cups 1.1.17
suse suse_linux 8.0
kde koffice 1.3_beta2
easy_software_products cups 1.1.13
xpdf xpdf 2.1
pdftohtml pdftohtml 0.33a
tetex tetex 2.0.2
redhat enterprise_linux 3.0
suse suse_linux 8.1
xpdf xpdf 0.91
kde kpdf 3.2
kde koffice 1.3.3
kde kde 3.2.1
pdftohtml pdftohtml 0.32a
easy_software_products cups 1.1.19_rc5
redhat enterprise_linux 2.1
suse suse_linux 8.2
xpdf xpdf 2.3
xpdf xpdf 0.93
tetex tetex 2.0.1
pdftohtml pdftohtml 0.34
easy_software_products cups 1.1.1
tetex tetex 1.0.7
pdftohtml pdftohtml 0.32b
kde kde 3.3.1
gnome gpdf 0.112
kde kde 3.2.3
easy_software_products cups 1.1.4
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
xpdf xpdf 1.0
xpdf xpdf 1.1
pdftohtml pdftohtml 0.33
pdftohtml pdftohtml 0.36
easy_software_products cups 1.1.12
debian debian_linux 3.0
suse suse_linux 9.1

CVE-2004-0889 HIGH

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.20
redhat enterprise_linux_desktop 3.0
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
kde koffice 1.3
xpdf xpdf 2.0
kde koffice 1.3_beta1
easy_software_products cups 1.1.19
suse suse_linux 9.2
redhat fedora_core core_2.0
gnome gpdf 0.131
kde koffice 1.3_beta3
kde kde 3.2.2
easy_software_products cups 1.0.4
suse suse_linux 9.0
xpdf xpdf 0.92
ubuntu ubuntu_linux 4.1
xpdf xpdf 3.0
easy_software_products cups 1.1.6
xpdf xpdf 1.0a
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
kde koffice 1.3.1
easy_software_products cups 1.0.4_8
gentoo linux *
easy_software_products cups 1.1.18
kde kde 3.2
pdftohtml pdftohtml 0.35
xpdf xpdf 0.90
easy_software_products cups 1.1.10
kde koffice 1.3.2
easy_software_products cups 1.1.7
kde kde 3.3
tetex tetex 2.0
easy_software_products cups 1.1.17
suse suse_linux 8.0
kde koffice 1.3_beta2
easy_software_products cups 1.1.13
xpdf xpdf 2.1
pdftohtml pdftohtml 0.33a
tetex tetex 2.0.2
redhat enterprise_linux 3.0
suse suse_linux 8.1
xpdf xpdf 0.91
kde kpdf 3.2
kde koffice 1.3.3
kde kde 3.2.1
pdftohtml pdftohtml 0.32a
easy_software_products cups 1.1.19_rc5
redhat enterprise_linux 2.1
suse suse_linux 8.2
xpdf xpdf 2.3
xpdf xpdf 0.93
tetex tetex 2.0.1
pdftohtml pdftohtml 0.34
easy_software_products cups 1.1.1
tetex tetex 1.0.7
pdftohtml pdftohtml 0.32b
kde kde 3.3.1
gnome gpdf 0.112
kde kde 3.2.3
easy_software_products cups 1.1.4
redhat linux_advanced_workstation 2.1
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
xpdf xpdf 1.0
xpdf xpdf 1.1
pdftohtml pdftohtml 0.33
pdftohtml pdftohtml 0.36
easy_software_products cups 1.1.12
debian debian_linux 3.0
suse suse_linux 9.1

CVE-2004-0923 LOW

CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apple mac_os_x 10.2.6
easy_software_products cups 1.1.20
apple mac_os_x_server 10.2.2
apple mac_os_x_server 10.3.2
easy_software_products cups 1.1.4_5
apple mac_os_x_server 10.2
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
apple mac_os_x_server 10.3.5
apple mac_os_x 10.2.7
apple mac_os_x_server 10.2.3
apple mac_os_x 10.3.3
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
apple mac_os_x 10.2
apple mac_os_x 10.3.2
easy_software_products cups 1.0.4_8
apple mac_os_x_server 10.3.1
easy_software_products cups 1.1.18
apple mac_os_x 10.3.4
apple mac_os_x_server 10.3.3
apple mac_os_x 10.2.4
apple mac_os_x 10.2.3
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7
apple mac_os_x_server 10.2.7
easy_software_products cups 1.1.17
easy_software_products cups 1.1.13
apple mac_os_x_server 10.3
apple mac_os_x_server 10.2.5
apple mac_os_x 10.2.5
easy_software_products cups 1.1.21
easy_software_products cups 1.1.19_rc5
apple mac_os_x 10.2.2
apple mac_os_x 10.3.1
easy_software_products cups 1.1.1
apple mac_os_x 10.2.1
apple mac_os_x 10.3.5
apple mac_os_x_server 10.3.4
easy_software_products cups 1.1.4
apple mac_os_x_server 10.2.8
apple mac_os_x 10.3
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
apple mac_os_x_server 10.2.1
apple mac_os_x_server 10.2.4
easy_software_products cups 1.1.12
apple mac_os_x 10.2.8
apple mac_os_x_server 10.2.6

CVE-2004-0924 MEDIUM

NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apple mac_os_x 10.2.6
easy_software_products cups 1.1.20
apple mac_os_x_server 10.2.2
apple mac_os_x_server 10.3.2
easy_software_products cups 1.1.4_5
apple mac_os_x_server 10.2
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
apple mac_os_x_server 10.3.5
apple mac_os_x 10.2.7
apple mac_os_x_server 10.2.3
apple mac_os_x 10.3.3
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
apple mac_os_x 10.2
apple mac_os_x 10.3.2
easy_software_products cups 1.0.4_8
apple mac_os_x_server 10.3.1
easy_software_products cups 1.1.18
apple mac_os_x 10.3.4
apple mac_os_x_server 10.3.3
apple mac_os_x 10.2.4
apple mac_os_x 10.2.3
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7
apple mac_os_x_server 10.2.7
easy_software_products cups 1.1.17
easy_software_products cups 1.1.13
apple mac_os_x_server 10.3
apple mac_os_x_server 10.2.5
apple mac_os_x 10.2.5
easy_software_products cups 1.1.21
easy_software_products cups 1.1.19_rc5
apple mac_os_x 10.2.2
apple mac_os_x 10.3.1
easy_software_products cups 1.1.1
apple mac_os_x 10.2.1
apple mac_os_x 10.3.5
apple mac_os_x_server 10.3.4
easy_software_products cups 1.1.4
apple mac_os_x_server 10.2.8
apple mac_os_x 10.3
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
apple mac_os_x_server 10.2.1
apple mac_os_x_server 10.2.4
easy_software_products cups 1.1.12
apple mac_os_x 10.2.8
apple mac_os_x_server 10.2.6

CVE-2004-0926 HIGH

Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apple mac_os_x 10.2.6
easy_software_products cups 1.1.20
apple mac_os_x_server 10.2.2
apple mac_os_x_server 10.3.2
easy_software_products cups 1.1.4_5
apple mac_os_x_server 10.2
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
apple mac_os_x_server 10.3.5
apple mac_os_x 10.2.7
apple mac_os_x_server 10.2.3
apple mac_os_x 10.3.3
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
apple mac_os_x 10.2
apple mac_os_x 10.3.2
easy_software_products cups 1.0.4_8
apple mac_os_x_server 10.3.1
easy_software_products cups 1.1.18
apple mac_os_x 10.3.4
apple mac_os_x_server 10.3.3
apple mac_os_x 10.2.4
apple mac_os_x 10.2.3
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7
apple mac_os_x_server 10.2.7
easy_software_products cups 1.1.17
easy_software_products cups 1.1.13
apple mac_os_x_server 10.3
apple mac_os_x_server 10.2.5
apple mac_os_x 10.2.5
easy_software_products cups 1.1.21
easy_software_products cups 1.1.19_rc5
apple mac_os_x 10.2.2
apple mac_os_x 10.3.1
easy_software_products cups 1.1.1
apple mac_os_x 10.2.1
apple mac_os_x 10.3.5
apple mac_os_x_server 10.3.4
easy_software_products cups 1.1.4
apple mac_os_x_server 10.2.8
apple mac_os_x 10.3
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
apple mac_os_x_server 10.2.1
apple mac_os_x_server 10.2.4
easy_software_products cups 1.1.12
apple mac_os_x 10.2.8
apple mac_os_x_server 10.2.6

CVE-2004-0927 MEDIUM

ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
apple mac_os_x 10.2.6
easy_software_products cups 1.1.20
apple mac_os_x_server 10.2.2
apple mac_os_x_server 10.3.2
easy_software_products cups 1.1.4_5
apple mac_os_x_server 10.2
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
apple mac_os_x_server 10.3.5
apple mac_os_x 10.2.7
apple mac_os_x_server 10.2.3
apple mac_os_x 10.3.3
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
apple mac_os_x 10.2
apple mac_os_x 10.3.2
easy_software_products cups 1.0.4_8
apple mac_os_x_server 10.3.1
easy_software_products cups 1.1.18
apple mac_os_x 10.3.4
apple mac_os_x_server 10.3.3
apple mac_os_x 10.2.4
apple mac_os_x 10.2.3
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7
apple mac_os_x_server 10.2.7
easy_software_products cups 1.1.17
easy_software_products cups 1.1.13
apple mac_os_x_server 10.3
apple mac_os_x_server 10.2.5
apple mac_os_x 10.2.5
easy_software_products cups 1.1.21
easy_software_products cups 1.1.19_rc5
apple mac_os_x 10.2.2
apple mac_os_x 10.3.1
easy_software_products cups 1.1.1
apple mac_os_x 10.2.1
apple mac_os_x 10.3.5
apple mac_os_x_server 10.3.4
easy_software_products cups 1.1.4
apple mac_os_x_server 10.2.8
apple mac_os_x 10.3
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
apple mac_os_x_server 10.2.1
apple mac_os_x_server 10.2.4
easy_software_products cups 1.1.12
apple mac_os_x 10.2.8
apple mac_os_x_server 10.2.6

CVE-2004-1125 HIGH

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
easy_software_products cups 1.1.20
kde kde 3.2.3
kde kde 3.3.2
xpdf xpdf 3.0

CVE-2004-1267 MEDIUM

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.20
easy_software_products cups 1.1.13
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
easy_software_products cups 1.1.21
redhat fedora_core core_2.0
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.22_rc1
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.0.4_8
redhat fedora_core core_3.0
easy_software_products cups 1.1.18
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.1.12
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7

CVE-2004-1268 LOW

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.20
easy_software_products cups 1.1.13
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
easy_software_products cups 1.1.21
redhat fedora_core core_2.0
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.22_rc1
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.0.4_8
redhat fedora_core core_3.0
easy_software_products cups 1.1.18
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.1.12
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7

CVE-2004-1269 MEDIUM

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.20
easy_software_products cups 1.1.13
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
easy_software_products cups 1.1.21
redhat fedora_core core_2.0
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.22_rc1
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.0.4_8
redhat fedora_core core_3.0
easy_software_products cups 1.1.18
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.1.12
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7

CVE-2004-1270 LOW

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.20
easy_software_products cups 1.1.13
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
easy_software_products cups 1.1.19
easy_software_products cups 1.1.21
redhat fedora_core core_2.0
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.0.4
easy_software_products cups 1.1.6
easy_software_products cups 1.1.22_rc1
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
easy_software_products cups 1.1.1
easy_software_products cups 1.0.4_8
redhat fedora_core core_3.0
easy_software_products cups 1.1.18
easy_software_products cups 1.1.4
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
easy_software_products cups 1.1.12
easy_software_products cups 1.1.10
easy_software_products cups 1.1.7

CVE-2005-0206 HIGH

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
suse suse_linux 6.1
easy_software_products cups 1.1.20
ascii ptex 3.1.4
gnome gpdf 0.110
redhat enterprise_linux_desktop 3.0
suse suse_linux 5.2
kde koffice 1.3
xpdf xpdf 2.0
easy_software_products cups 1.1.19
suse suse_linux 1.0
gnome gpdf 0.131
kde koffice 1.3_beta3
kde kde 3.2.2
easy_software_products cups 1.0.4
suse suse_linux 9.0
sgi propack 3.0
mandrakesoft mandrake_linux_corporate_server 3.0
suse suse_linux 4.4.1
suse suse_linux 5.3
gentoo linux *
suse suse_linux 7.2
easy_software_products cups 1.1.18
kde kde 3.2
suse suse_linux 6.4
suse suse_linux 7.0
xpdf xpdf 0.90
suse suse_linux 6.3
suse suse_linux 4.3
tetex tetex 2.0
easy_software_products cups 1.1.17
suse suse_linux 8.0
pdftohtml pdftohtml 0.33a
suse suse_linux 5.1
easy_software_products cups 1.1.19_rc5
redhat enterprise_linux 2.1
xpdf xpdf 2.3
xpdf xpdf 0.93
tetex tetex 2.0.1
pdftohtml pdftohtml 0.34
redhat fedora_core core_1.0
easy_software_products cups 1.1.1
tetex tetex 1.0.7
pdftohtml pdftohtml 0.32b
gnome gpdf 0.112
easy_software_products cups 1.1.4
redhat linux_advanced_workstation 2.1
xpdf xpdf 1.0
xpdf xpdf 1.1
pdftohtml pdftohtml 0.36
easy_software_products cups 1.1.12
suse suse_linux 9.1
cstex cstetex 2.0.2
suse suse_linux 3.0
suse suse_linux 5.0
easy_software_products cups 1.1.4_5
easy_software_products cups 1.1.15
kde koffice 1.3_beta1
sgi advanced_linux_environment 3.0
suse suse_linux 9.2
redhat fedora_core core_2.0
xpdf xpdf 0.92
ubuntu ubuntu_linux 4.1
suse suse_linux 4.2
xpdf xpdf 3.0
easy_software_products cups 1.1.6
xpdf xpdf 1.0a
suse suse_linux 4.4
easy_software_products cups 1.1.16
easy_software_products cups 1.1.4_3
kde koffice 1.3.1
easy_software_products cups 1.0.4_8
suse suse_linux 7.1
pdftohtml pdftohtml 0.35
suse suse_linux 6.0
easy_software_products cups 1.1.10
kde koffice 1.3.2
easy_software_products cups 1.1.7
kde kde 3.3
kde koffice 1.3_beta2
easy_software_products cups 1.1.13
xpdf xpdf 2.1
tetex tetex 2.0.2
redhat enterprise_linux 3.0
suse suse_linux 8.1
xpdf xpdf 0.91
kde kpdf 3.2
kde koffice 1.3.3
kde kde 3.2.1
suse suse_linux 4.0
pdftohtml pdftohtml 0.32a
suse suse_linux 8.2
suse suse_linux 7.3
kde kde 3.3.1
suse suse_linux 6.2
redhat fedora_core core_3.0
suse suse_linux 2.0
kde kde 3.2.3
easy_software_products cups 1.1.14
easy_software_products cups 1.1.4_2
tetex tetex 1.0.6
pdftohtml pdftohtml 0.33
debian debian_linux 3.0
redhat linux 9.0

CVE-2005-2525 MEDIUM

CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.2.10
apple mac_os_x 10.4.2
apple mac_os_x 10.3.9

CVE-2005-2526 MEDIUM

CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.2.10
apple mac_os_x 10.4.2
apple mac_os_x 10.3.9

CVE-2005-2874 MEDIUM

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.20
easy_software_products cups 1.1.3
easy_software_products cups 1.1.20_rc2
easy_software_products cups 1.1.20_rc6
easy_software_products cups 1.1.13
easy_software_products cups 1.1.19_rc3
easy_software_products cups 1.1.15
easy_software_products cups 1.1.5
easy_software_products cups 1.1.6_2
easy_software_products cups 1.1.2
easy_software_products cups 1.1.19
easy_software_products cups 1.1.21
easy_software_products cups 1.1.19_rc4
easy_software_products cups 1.1.22_rc2
easy_software_products cups 1.1.5_1
easy_software_products cups 1.1.10_1
easy_software_products cups 1.1.19_rc5
easy_software_products cups 1.1.20_rc1
easy_software_products cups 1.1.6
easy_software_products cups 1.1.22_rc1
easy_software_products cups 1.1.16
easy_software_products cups 1.1.9_1
easy_software_products cups 1.1.21_rc1
easy_software_products cups 1.1.1
easy_software_products cups 1.1.8
easy_software_products cups 1.1.19_rc2
easy_software_products cups 1.1.21_rc2
easy_software_products cups 1.1.18
easy_software_products cups 1.1.4
easy_software_products cups 1.1.9
easy_software_products cups 1.1.19_rc1
easy_software_products cups 1.1.14
easy_software_products cups 1.1.6_1
easy_software_products cups 1.1.5_2
easy_software_products cups 1.1.22
easy_software_products cups 1.1
easy_software_products cups 1.1.6_3
easy_software_products cups 1.1.11
easy_software_products cups 1.1.12
easy_software_products cups 1.1.10
easy_software_products cups 1.1.20_rc4
easy_software_products cups 1.1.7
easy_software_products cups 1.1.20_rc3
easy_software_products cups 1.1.20_rc5

CVE-2005-3624 MEDIUM

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189

Products Affected

Vendor Product Version
suse suse_linux 9.3
redhat enterprise_linux_desktop 3.0
suse suse_linux 10.0
mandrakesoft mandrake_linux 10.1
ubuntu ubuntu_linux 5.10
kde koffice 1.4
easy_software_products cups 1.1.23_rc1
turbolinux turbolinux_appliance_server 1.0_hosting_edition
kde kpdf 3.4.3
suse suse_linux 1.0
suse suse_linux 9.2
turbolinux turbolinux_home *
redhat fedora_core core_2.0
turbolinux turbolinux fuji
redhat enterprise_linux 4.0
mandrakesoft mandrake_linux 2006
suse suse_linux 9.0
debian debian_linux 3.1
ubuntu ubuntu_linux 4.1
xpdf xpdf 3.0
slackware slackware_linux 10.2
sgi propack 3.0
sco openserver 5.0.7
mandrakesoft mandrake_linux_corporate_server 3.0
kde koffice 1.4.2
turbolinux turbolinux_multimedia *
gentoo linux *
slackware slackware_linux 10.0
redhat linux 7.3
kde kdegraphics 3.2
easy_software_products cups 1.1.22
poppler poppler 0.4.2
turbolinux turbolinux_desktop 10.0
libextractor libextractor *
tetex tetex 2.0
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_server 10.0_x86
tetex tetex 2.0.2
redhat fedora_core core_4.0
redhat enterprise_linux 3.0
kde kpdf 3.2
kde kword 1.4.2
sco openserver 6.0
redhat enterprise_linux_desktop 4.0
mandrakesoft mandrake_linux 10.2
slackware slackware_linux 9.1
tetex tetex 3.0
ubuntu ubuntu_linux 5.04
trustix secure_linux 3.0
turbolinux turbolinux_personal *
trustix secure_linux 2.0
kde kdegraphics 3.4.3
redhat enterprise_linux 2.1
turbolinux turbolinux_server 8.0
easy_software_products cups 1.1.22_rc1
tetex tetex 2.0.1
trustix secure_linux 2.2
turbolinux turbolinux 10
redhat fedora_core core_1.0
tetex tetex 1.0.7
slackware slackware_linux 10.1
redhat fedora_core core_3.0
turbolinux turbolinux_server 10.0
redhat linux_advanced_workstation 2.1
conectiva linux 10.0
kde koffice 1.4.1
turbolinux turbolinux_workstation 8.0
debian debian_linux 3.0
suse suse_linux 9.1
slackware slackware_linux 9.0
easy_software_products cups 1.1.23
redhat linux 9.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
CVE-2005-3625 HIGH

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399

Products Affected

Vendor Product Version
suse suse_linux 9.3
redhat enterprise_linux_desktop 3.0
suse suse_linux 10.0
mandrakesoft mandrake_linux 10.1
ubuntu ubuntu_linux 5.10
kde koffice 1.4
easy_software_products cups 1.1.23_rc1
turbolinux turbolinux_appliance_server 1.0_hosting_edition
kde kpdf 3.4.3
suse suse_linux 1.0
suse suse_linux 9.2
turbolinux turbolinux_home *
redhat fedora_core core_2.0
turbolinux turbolinux fuji
redhat enterprise_linux 4.0
mandrakesoft mandrake_linux 2006
suse suse_linux 9.0
debian debian_linux 3.1
ubuntu ubuntu_linux 4.1
xpdf xpdf 3.0
slackware slackware_linux 10.2
sgi propack 3.0
sco openserver 5.0.7
mandrakesoft mandrake_linux_corporate_server 3.0
kde koffice 1.4.2
turbolinux turbolinux_multimedia *
gentoo linux *
slackware slackware_linux 10.0
redhat linux 7.3
kde kdegraphics 3.2
easy_software_products cups 1.1.22
poppler poppler 0.4.2
turbolinux turbolinux_desktop 10.0
libextractor libextractor *
tetex tetex 2.0
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_server 10.0_x86
tetex tetex 2.0.2
redhat fedora_core core_4.0
redhat enterprise_linux 3.0
kde kpdf 3.2
kde kword 1.4.2
sco openserver 6.0
redhat enterprise_linux_desktop 4.0
mandrakesoft mandrake_linux 10.2
slackware slackware_linux 9.1
tetex tetex 3.0
ubuntu ubuntu_linux 5.04
trustix secure_linux 3.0
turbolinux turbolinux_personal *
trustix secure_linux 2.0
kde kdegraphics 3.4.3
redhat enterprise_linux 2.1
turbolinux turbolinux_server 8.0
easy_software_products cups 1.1.22_rc1
tetex tetex 2.0.1
trustix secure_linux 2.2
turbolinux turbolinux 10
redhat fedora_core core_1.0
tetex tetex 1.0.7
slackware slackware_linux 10.1
redhat fedora_core core_3.0
turbolinux turbolinux_server 10.0
redhat linux_advanced_workstation 2.1
conectiva linux 10.0
kde koffice 1.4.1
turbolinux turbolinux_workstation 8.0
debian debian_linux 3.0
suse suse_linux 9.1
slackware slackware_linux 9.0
easy_software_products cups 1.1.23
redhat linux 9.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
CVE-2005-3626 MEDIUM

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
suse suse_linux 9.3
redhat enterprise_linux_desktop 3.0
suse suse_linux 10.0
mandrakesoft mandrake_linux 10.1
ubuntu ubuntu_linux 5.10
kde koffice 1.4
easy_software_products cups 1.1.23_rc1
turbolinux turbolinux_appliance_server 1.0_hosting_edition
kde kpdf 3.4.3
suse suse_linux 1.0
suse suse_linux 9.2
turbolinux turbolinux_home *
redhat fedora_core core_2.0
turbolinux turbolinux fuji
redhat enterprise_linux 4.0
mandrakesoft mandrake_linux 2006
suse suse_linux 9.0
debian debian_linux 3.1
ubuntu ubuntu_linux 4.1
xpdf xpdf 3.0
slackware slackware_linux 10.2
sgi propack 3.0
sco openserver 5.0.7
mandrakesoft mandrake_linux_corporate_server 3.0
kde koffice 1.4.2
turbolinux turbolinux_multimedia *
gentoo linux *
slackware slackware_linux 10.0
redhat linux 7.3
kde kdegraphics 3.2
easy_software_products cups 1.1.22
poppler poppler 0.4.2
turbolinux turbolinux_desktop 10.0
libextractor libextractor *
tetex tetex 2.0
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_server 10.0_x86
tetex tetex 2.0.2
redhat fedora_core core_4.0
redhat enterprise_linux 3.0
kde kpdf 3.2
kde kword 1.4.2
sco openserver 6.0
redhat enterprise_linux_desktop 4.0
mandrakesoft mandrake_linux 10.2
slackware slackware_linux 9.1
tetex tetex 3.0
ubuntu ubuntu_linux 5.04
trustix secure_linux 3.0
turbolinux turbolinux_personal *
trustix secure_linux 2.0
kde kdegraphics 3.4.3
redhat enterprise_linux 2.1
turbolinux turbolinux_server 8.0
easy_software_products cups 1.1.22_rc1
tetex tetex 2.0.1
trustix secure_linux 2.2
turbolinux turbolinux 10
redhat fedora_core core_1.0
tetex tetex 1.0.7
slackware slackware_linux 10.1
redhat fedora_core core_3.0
turbolinux turbolinux_server 10.0
redhat linux_advanced_workstation 2.1
conectiva linux 10.0
kde koffice 1.4.1
turbolinux turbolinux_workstation 8.0
debian debian_linux 3.0
suse suse_linux 9.1
slackware slackware_linux 9.0
easy_software_products cups 1.1.23
redhat linux 9.0
turbolinux turbolinux_appliance_server 1.0_workgroup_edition
CVE-2008-0596 MEDIUM

Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
easy_software_products cups 1.1.17
easy_software_products cups 1.1.22