CVE Database · CVE-2008-3639
CVSS v3.1
N/A
EPSS
4.40%
Published
Oct 14, 2008
Modified
Apr 22, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
Weaknesses (CWE)
Affected Products (77)
References (20)
...and 27 more
