CVE-2015-3258
cups-filters - security update
EPSS 33.5%
Description
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
How to fix CVE-2015-3258
To remediate CVE-2015-3258, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.5.0-16 or later
- Debian/cups—upgrade to 1.4.4-7+squeeze10 or later
- Debian/cups-filters—upgrade to 1.0.70-1 or later
- —upgrade to 1.0.18-2.1+deb7u2 or later
Is CVE-2015-3258 being exploited?
Moderate — EPSS is 33.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 1.5.0-16
- from 0, < 1.4.4-7+squeeze10
- from 0, < 1.0.70-1
- from 0, < 1.0.18-2.1+deb7u2