CVE-2008-5286

CVE Database · CVE-2008-5286

CVE-2008-5286

· N/AModified

CVSS v3.1

N/A

EPSS

4.40%

Published

Dec 1, 2008

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

Weaknesses (CWE)

CWE-189

Affected Products (54)

apple · cupsvulnerable

apple · cups

References (20)

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

http://secunia.com/advisories/32962

http://secunia.com/advisories/33101

http://secunia.com/advisories/33111

http://secunia.com/advisories/33568

http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt

http://www.cups.org/str.php?L2974

PatchVendor Advisory

http://www.debian.org/security/2008/dsa-1677

http://www.gentoo.org/security/en/glsa/glsa-200812-01.xml

http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:028

KEV Catalog EPSS Scores Vendors All CVEs