Bug 937018 - (CVE-2015-3279) VUL-0: CVE-2015-3279: cups-filters: texttopdf integer overflow (incomplete fix for CVE-2015-3258)
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: Security Team bot
Blocks: CVE-2015-3258
Reported: 2015-07-03 12:18 UTC by Andreas Stieger
Modified: 2019-05-01 16:48 UTC (History)

Found By: Security Response Team


Description Andreas Stieger 2015-07-03 12:18:54 UTC
Via RH:

> An integer overflow flaw leading to a heap-based buffer overflow was
> discovered in the way the texttopdf utility of cups-filter processed
> print jobs with a specially crafted line size. An attacker being able
> to submit print jobs could exploit this flaw to crash texttopdf or,
> possibly, execute arbitrary code with the privileges of the 'lp' user.
> Patch:
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365


> Comment in
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
> claims it's CVE-2015-3259 (not 3279).

SLE 12:        cups-filters 1.0.58 /usr/lib/cups/filter/texttopdf
openSUSE 13.2: cups-filters 1.0.58 /usr/lib/cups/filter/texttopdf

Comment 1 Andreas Stieger 2015-07-03 12:33:33 UTC

> Comment in
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
> claims it's CVE-2015-3259 (not 3279).

There seems to be some confusion about the CVE for this one, might be a dup of bug 936281 / bug CVE-2015-3258. 
CVE-2015-3259 may be a duplicate assignment.

We also have bug 921753 and bug 936281 outstanding, so I am expecting to start an update soon once this is clarified.
Comment 2 Andreas Stieger 2015-07-03 12:49:02 UTC

> Even with the patch for CVE-2015-3258 in version 1.0.70 it was possible
> to trigger an integer overflow leading to a heap-based buffer overflow
> using the same vector (specially crafted line sizes).
> The integer overflow has been assigned CVE-2015-3279 and is fixed in
> version 1.0.71. Apart from that, the patch also hardens against
> possible crashes due to missing calloc() success checks.
> Patch:
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
> Red Hat bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1238990
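
The bug class described in the quoted advisory, as an added example that is not part of this bug report and not the cups-filters patch: a page-grid size computed from line and column counts wraps in 32-bit arithmetic, shown next to a checked computation and an allocator that tests every calloc() result. The names cell_t, MAX_CELLS, cells_unchecked, cells_checked, page_alloc and page_free are hypothetical, and the cap value is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical page-grid cell; not the cups-filters type. */
typedef struct { uint16_t ch; uint16_t attr; } cell_t;

/* Assumed sanity cap on cells per page (constructed value). */
#define MAX_CELLS ((size_t)1 << 22)

/* Unchecked 32-bit product: wraps modulo 2^32 for large inputs, so the
 * buffer ends up far smaller than the grid the caller will index. */
uint32_t cells_unchecked(uint32_t lines, uint32_t columns)
{
    return lines * columns;
}

/* Checked product: divide instead of multiply so nothing can wrap. */
int cells_checked(uint32_t lines, uint32_t columns, size_t *out)
{
    if (lines == 0 || columns == 0)
        return -1;
    if (columns > MAX_CELLS / lines)
        return -1;
    *out = (size_t)lines * columns;
    return 0;
}

/* Allocate row pointers plus one contiguous cell block; every calloc()
 * result is checked before use. Returns NULL on any failure. */
cell_t **page_alloc(uint32_t lines, uint32_t columns)
{
    size_t n;
    cell_t **rows;

    if (cells_checked(lines, columns, &n) != 0)
        return NULL;
    if ((rows = calloc(lines, sizeof(*rows))) == NULL)
        return NULL;
    if ((rows[0] = calloc(n, sizeof(cell_t))) == NULL) {
        free(rows);
        return NULL;
    }
    for (uint32_t i = 1; i < lines; i++)
        rows[i] = rows[0] + (size_t)i * columns;
    return rows;
}

void page_free(cell_t **rows)
{
    if (rows) { free(rows[0]); free(rows); }
}
```
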
Comment 3 Swamp Workflow Management 2015-07-03 22:00:15 UTC
bugbot adjusting priority
Comment 6 Johannes Meixner 2015-07-06 12:33:37 UTC
Fixed for openSUSE 13.2, see

Fixed for openSUSE:Factory via version upgrade to cups-filters 1.0.71
in OBS "Printing" project via submitrequest 315193 that is
forwarded to openSUSE:Factory via submitrequest 315194
Comment 7 Johannes Meixner 2015-07-06 12:36:12 UTC
For further processing for the maintenance update
I re-assign it to our security team.
Comment 8 Bernhard Wiedemann 2015-07-06 13:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (937018) was mentioned in
https://build.opensuse.org/request/show/315210 13.2 / cups-filters
Comment 9 Andreas Stieger 2015-07-06 14:36:39 UTC
Thanks, we'll handle the submissions.
Comment 10 Swamp Workflow Management 2015-07-14 16:16:26 UTC
openSUSE-SU-2015:1244-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 921753,936281,937018
CVE References: CVE-2015-2265,CVE-2015-3258,CVE-2015-3279
Sources used:
openSUSE 13.2 (src):    cups-filters-1.0.58-2.7.1
Comment 11 Swamp Workflow Management 2015-08-13 11:09:52 UTC
SUSE-SU-2015:1377-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 936281,937018
CVE References: CVE-2015-3258,CVE-2015-3279
Sources used:
SUSE Linux Enterprise Server 12 (src):    cups-filters-1.0.58-8.1
SUSE Linux Enterprise Desktop 12 (src):    cups-filters-1.0.58-8.1
Comment 12 Marcus Meissner 2015-12-08 14:11:39 UTC