CVE-2009-0163 : Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier a

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.

Published 2009-04-23 17:30:02

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2009-0163

Apple » Cups
Versions up to, including, (<=) 1.3.9
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5-2
cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6
cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.10-1
cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.10
cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.18
cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.17
cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19
cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC1
cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC3
cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21 Update RC1
cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22 Update RC1
cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.1
cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5-1
cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.5
cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.9
cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.9-1
cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.16
cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.15
cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC2
cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC3
cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC5
cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC2
cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22
cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.22 Update RC2
cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.1
cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.0
cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.7
cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update RC1
cpe:2.3:a:apple:cups:1.3:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update RC2
cpe:2.3:a:apple:cups:1.3:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-1
cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.2
cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-3
cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.6-2
cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.12
cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.11
cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20
cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC1
cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21
cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC6
cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update B2
cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update B1
cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.5
cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.4
cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.10
cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.11
cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.2
cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.3
cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC1
cpe:2.3:a:apple:cups:1.2:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC3
cpe:2.3:a:apple:cups:1.2:rc3:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2 Update RC2
cpe:2.3:a:apple:cups:1.2:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.8
cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.9
cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.0
cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.1
cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1
cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.3
cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.4
cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.8
cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.7
cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.14
cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.13
cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC4
cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.19 Update RC5
cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.20 Update RC4
cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.21 Update RC2
cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.23 Update RC1
cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.1.23
cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.3
cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.2
cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.6
cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.2.12
cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3 Update B1
cpe:2.3:a:apple:cups:1.3:b1:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.4
cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.6
cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.5
cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.7
cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
Matching versions
Apple » Cups » Version: 1.3.8
cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2009-0163

Top countries where our scanners detected CVE-2009-0163

Top open port discovered on systems with this issue 631

IPs affected by CVE-2009-0163 2,961

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2009-0163!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2009-0163

EPSS FAQ

5.70%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-0163

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-0163

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-0163

http://www.ubuntu.com/usn/usn-760-1

USN-760-1: CUPS vulnerability | Ubuntu security notices | Ubuntu
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546

404 Not Found
http://secunia.com/advisories/34852

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.cups.org/str.php?L3031

Page Has Moved - CUPS.org
http://secunia.com/advisories/34747

About Secunia Research | Flexera
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html

[security-announce] SUSE Security Announcement: cups (SUSE-SA:2009:024) - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.cups.org/articles.php?L582

Page Has Moved - CUPS.org

CVEs referencing this url
http://secunia.com/advisories/34481

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200904-20.xml

CUPS: Multiple vulnerabilities (GLSA 200904-20) — Gentoo security

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2009-0429.html

Support

CVEs referencing this url
http://www.securityfocus.com/bid/34571
http://www.redhat.com/support/errata/RHSA-2009-0428.html

Support
http://secunia.com/advisories/34756

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2009/dsa-1773

[SECURITY] [DSA 1773-1] New cups packages fix arbitrary code execution
http://secunia.com/advisories/34722

About Secunia Research | Flexera
Vendor Advisory
http://www.securitytracker.com/id?1022070

GoDaddy Domain Name Search
http://www.securityfocus.com/archive/1/502750/100/0/threaded

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=490596

490596 – (CVE-2009-0163) CVE-2009-0163 cups: Integer overflow in the TIFF image filter
Patch
http://wiki.rpath.com/Advisories:rPSA-2009-0061

CVEs referencing this url