CVE-2008-3639
EPSS 8.0%
cupsys - several vulnerabilities
Published: 10/14/2008
Modified: 4/28/2026
Description
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
Affected packages (2)
- Debian/cups: from 0, < 1.3.8-1lenny2
- Debian/cupsys: from 0, < 1.2.7-4etch5