Vulnerability Details CVE-2010-5325
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.059
EPSS Ranking 90.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog
- http://rhn.redhat.com/errata/RHSA-2016-0491.html
- http://www.openwall.com/lists/oss-security/2016/02/15/1
- http://www.openwall.com/lists/oss-security/2016/02/15/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- https://bugs.linuxfoundation.org/show_bug.cgi?id=515
- https://bugzilla.redhat.com/show_bug.cgi?id=1218297
- http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog
- http://rhn.redhat.com/errata/RHSA-2016-0491.html
- http://www.openwall.com/lists/oss-security/2016/02/15/1
- http://www.openwall.com/lists/oss-security/2016/02/15/7
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- https://bugs.linuxfoundation.org/show_bug.cgi?id=515
- https://bugzilla.redhat.com/show_bug.cgi?id=1218297
Products affected by CVE-2010-5325
-
cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0
-
cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1
-
cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2
-
cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3
-
cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4
-
cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5
-
cpe:2.3:o:oracle:linux:6
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0