Vulnerability Description
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Cups | <= 1.3.8 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
- http://secunia.com/advisories/32084Vendor Advisory
- http://secunia.com/advisories/32222Vendor Advisory
- http://secunia.com/advisories/32226Vendor Advisory
- http://secunia.com/advisories/32284Vendor Advisory
- http://secunia.com/advisories/32292Vendor Advisory
- http://secunia.com/advisories/32316Vendor Advisory
- http://secunia.com/advisories/32331
- http://secunia.com/advisories/33085
- http://secunia.com/advisories/33111
- http://secunia.com/advisories/33568
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
- http://support.apple.com/kb/HT3216Vendor Advisory
FAQ
What is CVE-2008-3641?
CVE-2008-3641 is a vulnerability with a CVSS score of 10.0 (HIGH). The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
How severe is CVE-2008-3641?
CVE-2008-3641 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3641?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Cups.