Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Apple CUPS 1.1.19 release candidate 5
Apple CUPS 1.1.21
Apple CUPS 1.1.20
Apple CUPS 1.2.2
Apple CUPS 1.2.1
Apple CUPS 1.2.4
Apple CUPS 1.2.3
Apple CUPS 1.2.6
Apple CUPS 1.2.5
Apple CUPS 1.2.8
Apple CUPS 1.2.7
Apple CUPS 1.2.9
Apple CUPS 1.2.12
Apple CUPS 1.2 b2
Apple CUPS 1.2.11
Apple CUPS 1.2.10
Apple CUPS 1.2 release candidate 3
Apple CUPS 1.2.0
Apple CUPS 1.2 release candidate 2
Apple CUPS 1.3 release candidate 2
Apple CUPS 1.3 release candidate 1
Apple CUPS 1.2 release candidate 1
Apple CUPS 1.3.1
Apple CUPS 1.3.0
Apple CUPS 1.3.3
Apple CUPS 1.1.23 release candidate 1
Apple CUPS 1.1.22 release candidate 2
Apple CUPS 1.3.2
Apple CUPS 1.1.22 release candidate 1
Apple CUPS 1.3.5
Apple CUPS 1.1.21 release candidate 1
Apple CUPS 1.1.20 release candidate 2
Apple CUPS 1.3.4
Apple CUPS 1.1.20 release candidate 1
Apple CUPS 1.3.7
Apple CUPS 1.1.20 release candidate 4
Apple CUPS 1.3.6
Apple CUPS 1.1.21 release candidate 2
Apple CUPS 1.1.20 release candidate 3
Apple CUPS 1.1.19
Apple CUPS 1.1.20 release candidate 6
Apple CUPS 1.1.20 release candidate 5
Apple CUPS 1.18
Apple CUPS 1.1.17
Apple CUPS 1.2 b1
Apple CUPS 1.3 b1
Apple CUPS 1.3.9
Apple CUPS 1.3.8
Apple CUPS 1.1.22
Apple CUPS 1.1.23
Apple CUPS 1.1.19 release candidate 3
Apple CUPS 1.1.19 release candidate 4
Apple CUPS 1.1.19 release candidate 1
Apple CUPS 1.1.19 release candidate 2