The following issues were reported in CUPS:
- iDefense reported an integer overflow in the
_cupsImageReadTIFF() function in the "imagetops" filter,
leading to a heap-based buffer overflow (CVE-2009-0163).
- Aaron Siegel of Apple Product Security reported that the
CUPS web interface does not verify the content of the "Host"
HTTP header properly (CVE-2009-0164).
- Braden Thomas and Drew Yao of Apple Product Security
reported that CUPS is vulnerable to CVE-2009-0146,
CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and
poppler.
A remote attacker might send or entice a user to send a
specially crafted print job to CUPS, possibly resulting in the
execution of arbitrary code with the privileges of the
configured CUPS user -- by default this is "lp", or a Denial
of Service. Furthermore, the web interface could be used to
conduct DNS rebinding attacks.