CVE-2008-5286

EPSS 8.3%

cupsys - arbitrary code execution

Published: 12/1/2008Modified: 4/28/2026

Description

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

Affected packages (2)

Debian/cupsfrom 0, < 1.3.8-1lenny4
Debian/cupsysfrom 0, < 1.2.7-4etch6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-5286