CVE-2013-6475

Description

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

How to fix CVE-2013-6475

To remediate CVE-2013-6475, upgrade the affected package to a fixed version below.

• Debian/cups—upgrade to 1.5.0-16 or later
• Debian/cups-filters—upgrade to 1.0.47-1 or later

Is CVE-2013-6475 being exploited?

Moderate — EPSS is 14.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 1.5.0-16
• from 0, < 1.0.47-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-6475