Date: Mon, 1 Dec 2008 09:25:36 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: (sort of urgent) CVE Request -- cups (repost)

======================================================
Name: CVE-2008-5286
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
Reference: CONFIRM:http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
Reference: CONFIRM:http://www.cups.org/str.php?L2974
Reference: MLIST:[oss-security] 20081201 (sort of urgent) CVE Request -- cups (repost)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/01/1
Reference: BID:32518
Reference: URL:http://www.securityfocus.com/bid/32518

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17
through 1.3.9 allows remote attackers to execute arbitrary code via a
PNG image with a large height value, which bypasses a validation check
and triggers a buffer overflow.
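
The bug class named in the entry above, as an added example that is not CUPS code and not part of the original message: a 32-bit size computation wraps for a large height, so a later size check sees a small value, shown next to a checked version. The function names, the limits and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed limits for this example only; not values from CUPS. */
#define MAX_DIM   65535u                 /* largest accepted width or height */
#define MAX_BYTES (256u * 1024u * 1024u) /* largest accepted pixel buffer */

/* Flawed pattern: the product is computed in 32 bits and wraps modulo 2^32,
 * so any later check on the result sees a small, plausible size. */
uint32_t naive_image_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Hardened pattern: bound each dimension first, then multiply in 64 bits
 * and compare against the cap before narrowing to size_t.
 * Returns 0 and stores the size on success, -1 if the header is rejected. */
int checked_image_size(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || bpp > 4)
        return -1;
    if (w > MAX_DIM || h > MAX_DIM)
        return -1;
    uint64_t need = (uint64_t)w * h * bpp;  /* at most 65535*65535*4 < 2^64 */
    if (need > MAX_BYTES)
        return -1;
    *out = (size_t)need;
    return 0;
}

int main(void)
{
    /* Constructed header values: modest width, very large height. */
    uint32_t w = 1024, h = 4194305u, bpp = 3;
    size_t n = 0;

    printf("naive size:   %u bytes\n", (unsigned)naive_image_size(w, h, bpp));
    printf("checked size: %s\n",
           checked_image_size(w, h, bpp, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```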