CVE-2008-3640 : Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 al

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

Published 2008-10-14 21:10:36

Updated 2018-10-03 21:55:32

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2008-3640

Apple » Cups
Versions up to, including, (<=) 1.3.8
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5-2
cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6
cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.10-1
cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.10
cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.18
cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.17
cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19
cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC1
cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC3
cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21 Update RC1
cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22 Update RC1
cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.1
cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5-1
cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5
cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.9
cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.9-1
cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.16
cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.15
cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC2
cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC3
cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC5
cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC2
cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22
cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22 Update RC2
cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.1
cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.0
cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.7
cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update RC1
cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update RC2
cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-1
cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.2
cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-3
cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-2
cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.12
cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.11
cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20
cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC1
cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21
cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC6
cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update B2
cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update B1
cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.5
cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.4
cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.10
cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.11
cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.2
cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.3
cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC1
cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC3
cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC2
cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.8
cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.9
cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.0
cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.1
cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1
cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.3
cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.4
cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.8
cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.7
cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.14
cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.13
cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC4
cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC5
cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC4
cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21 Update RC2
cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.23 Update RC1
cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.23
cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.3
cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.2
cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.6
cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.12
cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update B1
cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.4
cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.6
cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.5
cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.7
cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2008-3640

Top countries where our scanners detected CVE-2008-3640

Top open port discovered on systems with this issue 631

IPs affected by CVE-2008-3640 2,960

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2008-3640!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2008-3640

EPSS FAQ

11.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3640

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-3640

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3640

http://www.mandriva.com/security/advisories?name=MDVSA-2008:211

Mandriva

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/45790

CUPS WriteProlog() buffer overflow CVE-2008-3640 Vulnerability Report
http://www.debian.org/security/2008/dsa-1656

[SECURITY] [DSA 1656-1] New cupsys packages fix several vulnerabilities

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html

502 Bad Gateway

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10266

404 Not Found
http://www.vupen.com/english/advisories/2008/3401

Site en construction

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html

[SECURITY] Fedora 9 Update: cups-1.3.9-1.fc9

CVEs referencing this url
http://www.cups.org/str.php?L2919

Page Has Moved - CUPS.org
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=752
http://www.redhat.com/support/errata/RHSA-2008-0937.html

Support

CVEs referencing this url
http://www.securityfocus.com/bid/31690

Patch

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml

CUPS: Multiple vulnerabilities (GLSA 200812-11) — Gentoo security

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html

[SECURITY] Fedora 8 Update: cups-1.3.9-1.fc8

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm

ASA-2008-470 (RHSA-2008-0937)

CVEs referencing this url
http://www.cups.org/articles.php?L575

Page Has Moved - CUPS.org

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/2782

Site en construction

CVEs referencing this url
https://usn.ubuntu.com/656-1/

404: Page not found | Ubuntu

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1568

Site en construction

CVEs referencing this url
http://www.securitytracker.com/id?1021034

Access Denied