View | Details | Raw Unified | Return to bug 201134 | Differences between
and this patch

Collapse All | Expand All

(-)vuln.xml (+38 lines)
Lines 57-62 Link Here
57
57
58
-->
58
-->
59
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
59
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
  <vuln vid="b19da422-1e02-11e5-b43d-002590263bf5">
61
    <topic>cups-filters -- buffer overflow in texttopdf size allocation</topic>
62
    <affects>
63
      <package>
64
	<name>cups-filters</name>
65
	<range><lt>1.0.70</lt></range>
66
      </package>
67
    </affects>
68
    <description>
69
      <body xmlns="http://www.w3.org/1999/xhtml">
70
	<p>Stefan Cornelius from Red Hat reports:</p>
71
	<blockquote cite="http://www.openwall.com/lists/oss-security/2015/06/26/4">
72
	  <p>A heap-based buffer overflow was discovered in the way the
73
	    texttopdf utility of cups-filters processed print jobs with a
74
	    specially crafted line size. An attacker being able to submit
75
	    print jobs could exploit this flaw to crash texttopdf or,
76
	    possibly, execute arbitrary code.</p>
77
	</blockquote>
78
	<p>Till Kamppeter reports:</p>
79
	<blockquote cite="http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363">
80
	  <p>texttopdf: Fixed buffer overflow on size allocation of texttopdf
81
	    when working with extremely small line sizes, which causes the size
82
	    calculation to result in 0 (CVE-2015-3258, thanks to Stefan
83
	    Cornelius from Red Hat for the patch).</p>
84
	</blockquote>
85
      </body>
86
    </description>
87
    <references>
88
      <cvename>CVE-2015-3258</cvename>
89
      <mlist>http://www.openwall.com/lists/oss-security/2015/06/26/4</mlist>
90
      <url>http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363</url>
91
    </references>
92
    <dates>
93
      <discovery>2015-06-26</discovery>
94
      <entry>2015-06-29</entry>
95
    </dates>
96
  </vuln>
97
60
  <vuln vid="acd5d037-1c33-11e5-be9c-6805ca1d3bb1">
98
  <vuln vid="acd5d037-1c33-11e5-be9c-6805ca1d3bb1">
61
    <topic>qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)</topic>
99
    <topic>qemu -- Heap overflow in QEMU PCNET controller, allowing guest to host escape (CVE-2015-3209)</topic>
62
    <affects>
100
    <affects>

Return to bug 201134