CVE-2010-5325

high-risk
Published 2016-04-15

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.

Do I need to act?

~
6.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Foomatic-Filters

Affected Vendors

Linuxfoundation Oracle Redhat

References (14)

Patch http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-fil...
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0491.html
Third Party Advisory http://www.openwall.com/lists/oss-security/2016/02/15/1
Third Party Advisory http://www.openwall.com/lists/oss-security/2016/02/15/7
Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h...
https://bugs.linuxfoundation.org/show_bug.cgi?id=515
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1218297
Patch http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-fil...
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0491.html
Third Party Advisory http://www.openwall.com/lists/oss-security/2016/02/15/1
Third Party Advisory http://www.openwall.com/lists/oss-security/2016/02/15/7
Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h...
https://bugs.linuxfoundation.org/show_bug.cgi?id=515
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1218297
55
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 9/34 · Low
Exposure 14/34 · Moderate