CVE-2014-4337

Related Files

Mandriva Linux Security Advisory 2015-100

Posted Mar 30, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-100 - Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. Various other issues where also addressed.

tags | advisory, arbitrary

systems | linux, mandriva

advisories | CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476, CVE-2014-2707, CVE-2014-4336, CVE-2014-4337, CVE-2014-4338

SHA-256 | 7f312cada7ef4fe1709a37c3131bcc60a0c6ae0baefe7518dff2e7a96f7746ca

Download | Favorite | View

Red Hat Security Advisory 2014-1795-01

Posted Nov 3, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1795-01 - The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently. An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2014-4337, CVE-2014-4338

SHA-256 | f4f080cd92162d6b8cb4a45568f8878ea79052302e9b3d47c111c48687f25f33

Download | Favorite | View