Vulnerability Details : CVE-2014-9679
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2014-9679
Probability of exploitation activity in the next 30 days: 1.86%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 %
CVSS scores for CVE-2014-9679
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2014-9679
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9679
- http://www.openwall.com/lists/oss-security/2015/02/12/12
  oss-security - Re: CVE Request: Cups: cupsRasterReadPixels buffer overflow (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016 (Third Party Advisory)
- https://security.gentoo.org/glsa/201607-06
  CUPS: Buffer overflow (GLSA 201607-06) — Gentoo security (Third Party Advisory)
- https://www.cups.org/str.php?L4551
  Buffer overflow in cupsRasterReadPixels · Issue #4551 · apple/cups · GitHub (Vendor Advisory)
- http://www.securitytracker.com/id/1031776
  CUPS cupsRasterReadPixels() Buffer Overflow Has Unspecified Impact - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/72594
  CUPS cupsRasterReadPixels Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150171.html
  [SECURITY] Fedora 20 Update: cups-1.7.5-12.fc20 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:108
  mandriva.com (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1123.html
  RHSA-2015:1123 - Security Advisory - Red Hat Customer Portal
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150177.html
  [SECURITY] Fedora 21 Update: cups-1.7.5-15.fc21 (Third Party Advisory)
- http://www.debian.org/security/2015/dsa-3172
  Debian -- Security Information -- DSA-3172-1 cups (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2520-1
  USN-2520-1: CUPS vulnerability | Ubuntu security notices (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:049
  mandriva.com (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/02/10/15
  oss-security - CVE Request: Cups: cupsRasterReadPixels buffer overflow (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00098.html
  openSUSE-SU-2015:0381-1: moderate: Security update for cups (Third Party Advisory)
- http://advisories.mageia.org/MGASA-2015-0067.html
  Mageia Advisory: MGASA-2015-0067 - Updated cups packages fix CVE-2014-9679 (Third Party Advisory)
Products affected by CVE-2014-9679
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*