CUPS: Stack overflow in included Xpdf code
Gentoo Linux Security Advisory
||GLSA 200501-30 / CUPS
||January 22, 2005
||January 22, 2005: 01
All supported architectures
CUPS includes Xpdf code and therefore is vulnerable to the recent stack
overflow issue, potentially resulting in the remote execution of arbitrary
The Common UNIX Printing System (CUPS) is a cross-platform print
spooler. It makes use of Xpdf code to handle PDF files.
The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc
insufficiently checks boundaries when processing /Encrypt /Length tags
in PDF files (GLSA 200501-28).
This issue could be exploited by a remote attacker to execute
arbitrary code by sending a malicious print job to a CUPS spooler.
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1"