It was discovered that GIF parsing code used by CUPS printing system is affected by similar issue as GIF parsers used by gd / netpbm / tk / SDL_image. Value of code_size read from GIF image is not properly validate before being used to initialize table array in gif_read_lzw(), causing a static buffer overflow. Issue is similar to: CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0553 (tk), CVE-2008-0554 (netpbm)
Created attachment 298680 [details] Proposed patch Similar to fixed used in gd / tk / netpbm / SDL_image.
Tracked upstream via: http://www.cups.org/str.php?L2765
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
cups-1.3.6-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.2.12-10.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0192.html http://rhn.redhat.com/errata/RHSA-2008-0206.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2897 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2131