PublicDateAtUSN: 2014-03-07
Candidate: CVE-2013-6475
CRD: 2014-03-07
PublicDate: 2014-03-14 15:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475
 https://ubuntu.com/security/notices/USN-2144-1
 https://ubuntu.com/security/notices/USN-2143-1
Description:
 Multiple integer overflows in (1) OPVPOutputDev.cxx and (2)
 oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before
 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF
 file, which triggers a heap-based buffer overflow.
Ubuntu-Description: 
Notes: 
 mdeslaur> filters used to be in main cups package in lucid
Bugs: 
Priority: medium
Discovered-by: Florian Weimer
Assigned-to: mdeslaur
CVSS: 

Patches_cups-filters:
upstream_cups-filters: released (1.0.47)
lucid_cups-filters: DNE
precise_cups-filters: released (1.0.18-0ubuntu0.2)
quantal_cups-filters: released (1.0.24-2ubuntu0.2)
saucy_cups-filters: released (1.0.40-0ubuntu1.1)
devel_cups-filters: released (1.0.47-0ubuntu1)

Patches_cups:
upstream_cups: needs-triage
lucid_cups: released (1.4.3-1ubuntu1.10)
precise_cups: not-affected (code not present)
quantal_cups: not-affected (code not present)
saucy_cups: not-affected (code not present)
devel_cups: not-affected (code not present)