Re: CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow

[Stefan Cornelius <scorneli () redhat com>]

On Fri, 26 Jun 2015 18:43:26 +0200
Stefan Cornelius <scorneli () redhat com> wrote:

> Hi,
>
> A heap-based buffer overflow was discovered in the way the texttopdf
> utility of cups-filters processed print jobs with a specially crafted
> line size. An attacker being able to submit print jobs could exploit
> this flaw to crash texttopdf or, possibly, execute arbitrary code.
>
> This was discovered by Petr Sklenar of Red Hat.
>
> This is fixed in cups-filters 1.0.70.
>
> Patch:
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
>
> Minor note on the side: The commit thanks me for the patch. The patch
> was created by Tim Waugh of Red Hat, I've merely forwarded it.
>
> Red Hat bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1235385
>
> Thanks,

Hi again,

I think there's a possible problem with the patch that I failed to catch
earlier in the process, so you may want to hold packaging for a bit
until this is fully investigated.

Sorry for the inconvenience.
-- 
Stefan Cornelius / Red Hat Product Security