CVE-2013-6474
cups - security update
EPSS 14.2%
Description
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
How to fix CVE-2013-6474
To remediate CVE-2013-6474, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.5.0-16 or later
- Debian/cups—upgrade to 1.4.4-7+squeeze4 or later
- Debian/cups-filters—upgrade to 1.0.47-1 or later
- Debian/cups-filters—upgrade to 1.0.18-2.1+deb7u1 or later
Is CVE-2013-6474 being exploited?
Moderate — EPSS is 14.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 1.5.0-16
- from 0, < 1.4.4-7+squeeze4
- from 0, < 1.0.47-1
- from 0, < 1.0.18-2.1+deb7u1