1
Candidate: CVE-2009-0163
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
5
https://usn.ubuntu.com/usn/usn-760-1
7
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
8
earlier allows remote attackers to cause a denial of service (daemon crash)
9
and possibly execute arbitrary code via a crafted TIFF image, which is not
10
properly handled by the (1) _cupsImageReadTIFF function in the imagetops
11
filter and (2) imagetoraster filter, leading to a heap-based buffer
15
kees> cups/CVE-2009-0163.patch
16
jdstrand> without a reproducer, AFAICS cups with libtiff should be vulnerable
17
as libtiff doesn't error out on images with a height (ImageLength) larger
18
than 0x3fffffff (2^30-1)
25
Tags_cups_intrepid: apparmor
26
upstream_cups: needs-triage
30
intrepid_cups: released (1.3.9-2ubuntu9.1)
31
devel_cups: released (1.3.9-17ubuntu1)
34
upstream_cupsys: needs-triage
35
Tags_cupsys_gutsy: apparmor
36
Tags_cupsys_hardy: apparmor
37
dapper_cupsys: released (1.2.2-0ubuntu0.6.06.13)
38
gutsy_cupsys: released (1.3.2-1ubuntu7.10)
39
hardy_cupsys: released (1.3.7-1ubuntu3.4)