There is a potential integer overflow in the validation code that could render the whole validation useless. IInteger overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-79 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2008-12-05
Severity: 2
Type: Local
------------------------------------------------------------------------
Summary
=======
There is a potential integer overflow in the validation code that could
render the whole validation useless.
Description
===========
IInteger overflow in the _cupsImageReadPNG function in CUPS 1.1.17
through 1.3.9 allows remote attackers to execute arbitrary code via a
PNG image with a large height value, which bypasses a validation check
and triggers a buffer overflow.
Affected packages:
Pardus 2008:
cups, all before 1.3.9-55-8
Resolution
==========
There are update(s) for cups. You can update them via Package Manager or
with a single command from console:
pisi up cups
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8761
* http://www.cups.org/str.php?L2974
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
------------------------------------------------------------------------
--
Pardus Security Team
http://security.pardus.org.tr