Red Hat Bugzilla – Bug 464716
CVE-2008-3641 CUPS: HP/GL reader insufficient bounds checking
Last modified: 2010-02-25 17:54:38 EST
An unchecked index issue exists within the PW_pen_width() and
PC_pen_color() functions in the hpgltops CUPS image filter. Buffer bounds
are not properly validated when handling the pen width and pen color
opcodes, potentially resulting in arbitrary memory being overwritten with
Red Hat would like to thank "regenrecht" for reporting this issue.
Created attachment 318029 [details]
Patch from Apple
Public now via:
Fixed upstream in: 1.3.9
The fix for this issue was reported to introduce regression in the HP-GL/2 file format handling:
According to upstream, "It shouldn't break "valid" HP-GL/2 files that specify pen numbers."
cups-1.3.9-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.3.9-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: