#VU32561 Buffer overflow in cups-filters - CVE-2013-6473

Cybersecurity Help s.r.o.

Published: 2014-03-14 | Updated: 2020-07-28

Vulnerability identifier: #VU32561

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-6473

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cups-filters
Other software / Other software solutions

Vendor: OpenPrinting

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

cups-filters: 1.0.25

External links
https://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
https://www.securityfocus.com/bid/66601
https://www.ubuntu.com/usn/USN-2143-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333
https://bugzilla.redhat.com/show_bug.cgi?id=1027547

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for cups-filters

Buffer overflow in OpenPrinting cups-filters

Buffer overflow in cups-filters (Alpine package)