CVE-2008-3639
cupsys - several vulnerabilities
EPSS 8.0%
Description
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
How to fix CVE-2008-3639
To remediate CVE-2008-3639, upgrade the affected package to one of the fixed versions listed below.
- Debian/cups: upgrade to 1.3.8-1lenny2 or later
- Debian/cupsys: upgrade to 1.2.7-4etch5 or later
Is CVE-2008-3639 being exploited?
Moderate: the EPSS score is 8.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/cups: from 0, < 1.3.8-1lenny2
- Debian/cupsys: from 0, < 1.2.7-4etch5