CVE-2004-1267

Published: Jan 10, 2005Modified: Apr 16, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

Affected (24)

Products: Easy Software Products: Cups · Redhat: Fedora Core

Easy Software Products

1 product

1 product

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Easy Software Products Cups	Version 1.0.4
Easy Software Products Cups	Version 1.0.4_8
Easy Software Products Cups	Version 1.1.10
Easy Software Products Cups	Version 1.1.12
Easy Software Products Cups	Version 1.1.13
Easy Software Products Cups	Version 1.1.14
Easy Software Products Cups	Version 1.1.15
Easy Software Products Cups	Version 1.1.16
Easy Software Products Cups	Version 1.1.17
Easy Software Products Cups	Version 1.1.18
Easy Software Products Cups	Version 1.1.19
Easy Software Products Cups	Version 1.1.19_rc5
Easy Software Products Cups	Version 1.1.1
Easy Software Products Cups	Version 1.1.20
Easy Software Products Cups	Version 1.1.21
Easy Software Products Cups	Version 1.1.22_rc1
Easy Software Products Cups	Version 1.1.4
Easy Software Products Cups	Version 1.1.4_2
Easy Software Products Cups	Version 1.1.4_3
Easy Software Products Cups	Version 1.1.4_5
Easy Software Products Cups	Version 1.1.6
Easy Software Products Cups	Version 1.1.7

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Fedora Core	Version core_2.0
Redhat Fedora Core	Version core_3.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (16)

http://tigger.uic.edu/~jlongs2/holes/cups.txt

Source: cve@mitre.org

ExploitVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2005:008

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2005-013.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2005-053.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18604

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620

Source: cve@mitre.org

https://usn.ubuntu.com/50-1/

Source: cve@mitre.org

http://tigger.uic.edu/~jlongs2/holes/cups.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2005:008

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2005-013.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2005-053.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18604

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10620

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/50-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.