Vulnerabilities > Apple > Cups > 1.3.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-24 | CVE-2009-0164 | Improper Input Validation vulnerability in Apple Cups The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. | 6.4 |
2009-04-23 | CVE-2009-1182 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | 7.5 |
2009-04-23 | CVE-2009-1180 | Resource Management Errors vulnerability in multiple products The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. | 6.8 |
2009-04-23 | CVE-2009-0799 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. | 4.3 |
2009-04-23 | CVE-2009-0166 | Resource Management Errors vulnerability in multiple products The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. | 4.3 |
2009-04-23 | CVE-2009-0163 | Numeric Errors vulnerability in Apple Cups Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. | 6.8 |
2009-04-23 | CVE-2009-0147 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. | 4.3 |
2009-04-23 | CVE-2009-0146 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. | 4.3 |
2008-12-01 | CVE-2008-5286 | Numeric Errors vulnerability in Apple Cups Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. | 7.5 |
2008-11-21 | CVE-2008-5184 | Credentials Management vulnerability in Apple Cups The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | 10.0 |