Ubuntu
cupsys package

[CVE-2008-1722] CUPS integer overflows in PNG image handling (in files filter/image-{png,zoom}.c)

Bug #219491 reported by Till Ulen
254
Affects Status Importance Assigned to Milestone
cupsys (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Fix Released
Undecided
Jamie Strandboge
Edgy
Won't Fix
Undecided
Jamie Strandboge
Feisty
Fix Released
Undecided
Jamie Strandboge
Gutsy
Fix Released
Undecided
Jamie Strandboge

Bug Description

Binary package hint: cupsys

From the CVE description:

"Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image."

See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1722
or http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722

CVE References

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

cupsys (1.3.7-1ubuntu3) hardy; urgency=low

  * Add debian/patches/CVE-2008-1722.dpatch: Two integer overflows in png
    image filter allow a denial of service attack and possibly arbitrary code
    execution. [STR #2790, CVE-2008-1722]. Taken from Debian SVN head.

 -- Martin Pitt <email address hidden> Mon, 21 Apr 2008 17:54:33 +0200

Changed in cupsys:
status: New → Fix Released
Jamie Strandboge (jdstrand)
Changed in cupsys:
assignee: nobody → jamie-strandboge
status: New → Confirmed
assignee: nobody → jamie-strandboge
status: New → Confirmed
assignee: nobody → jamie-strandboge
status: New → Confirmed
Jamie Strandboge (jdstrand)
Changed in cupsys:
assignee: nobody → jamie-strandboge
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Edgy end-of-lifed

Changed in cupsys:
status: Confirmed → Won't Fix
status: Confirmed → Fix Committed
status: Confirmed → Fix Committed
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cupsys - 1.3.2-1ubuntu7.7

---------------
cupsys (1.3.2-1ubuntu7.7) gutsy-security; urgency=low

  * SECURITY UPDATE: Denial of service and possibly arbitrary code execution
  * debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in
    filter/image-png.c. Taken from Debian SVN Head.
  * References
    CVE-2008-1722
    LP: #219491
    http://www.cups.org/str.php?L2790

 -- Jamie Strandboge <email address hidden> Wed, 23 Apr 2008 12:59:45 -0400

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cupsys - 1.2.8-0ubuntu8.4

---------------
cupsys (1.2.8-0ubuntu8.4) feisty-security; urgency=low

  * SECURITY UPDATE: Denial of service and possibly arbitrary code execution
  * debian/patches/104_CVE-2008-1722.dpatch: fix for two integer overflows in
    filter/image-png.c. Taken from Debian SVN Head.
  * References
    CVE-2008-1722
    LP: #219491
    http://www.cups.org/str.php?L2790

 -- Jamie Strandboge <email address hidden> Thu, 24 Apr 2008 12:55:20 -0400

Changed in cupsys:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

http://www.ubuntu.com/usn/usn-606-1

Changed in cupsys:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.