OpenPrinting CUPS-Filters Heap Buffer Overflow Vulnerability in RastertoPCLX Filter Allowing Arbitrary Code Execution

Vulnerability

A heap buffer overflow vulnerability has been identified in the OpenPrinting CUPS-Filters package, specifically in versions through 2.0.1. The issue resides in the rastertoPCLX filter, where an unvalidated length parameter leads to a heap buffer overflow. Processing maliciously crafted input crashes the program with a segmentation fault, and the same overflow can be exploited to corrupt memory, potentially allowing arbitrary code execution.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, leading to memory corruption. This could be exploited to execute arbitrary code on the system where the vulnerable CUPS-Filters version is running.

Reproduction

The vulnerability can be reproduced by compiling and running the CUPS filter rastertoPCLX, with or without AddressSanitizer (ASAN) enabled. After setting up a printer to use a PPD file that directs print jobs to the rastertoPCLX filter, a crafted file can be sent as a print job. The filter will process the file, triggering the buffer overflow and causing the program to crash with a segmentation fault. The issue can also be triggered remotely through the CUPS web interface by adding a printer that uses the vulnerable filter and sending a malicious print job.
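
Because the vulnerable code is only reached when a queue's PPD routes jobs to this filter, the added example below (not part of the original advisory or of the CUPS-Filters project) scans PPD files for cupsFilter/cupsFilter2 lines that name it. It assumes the installed filter program is named rastertopclx and that per-queue PPDs are stored in /etc/cups/ppd; the sample PPD text is constructed.

```python
import re
from pathlib import Path

# Assumption: the filter the page calls rastertoPCLX is installed as "rastertopclx".
TARGET = "rastertopclx"

# PPD syntax:  *cupsFilter:  "src/type cost program"
#              *cupsFilter2: "src/type dst/type cost program"
_FILTER_RE = re.compile(r'^\*(cupsFilter2?):\s*"([^"]*)"', re.MULTILINE)

# Constructed sample PPD fragments, used for offline checks.
SAMPLE_HIT = ('*PPD-Adobe: "4.3"\n'
              '*cupsFilter: "application/vnd.cups-raster 100 rastertopclx"\n')
SAMPLE_OK = ('*PPD-Adobe: "4.3"\n'
             '*cupsFilter2: "application/vnd.cups-pdf application/pdf 0 -"\n')


def filters_in_ppd(ppd_text):
    """Return the program field of every cupsFilter/cupsFilter2 line."""
    programs = []
    for keyword, value in _FILTER_RE.findall(ppd_text):
        lead = 3 if keyword == "cupsFilter2" else 2  # fields before the program
        fields = value.split(None, lead)
        if len(fields) == lead + 1:  # skip malformed lines with no program
            programs.append(fields[lead].strip())
    return programs


def uses_target(ppd_text, target=TARGET):
    """True if any filter line names the target, by bare name or full path."""
    return any(Path(p).name.lower() == target for p in filters_in_ppd(ppd_text))


def audit(ppd_dir="/etc/cups/ppd"):
    """Return the names of queues whose PPD sends jobs through the target filter."""
    root = Path(ppd_dir)
    if not root.is_dir():
        return []
    return [ppd.stem for ppd in sorted(root.glob("*.ppd"))
            if uses_target(ppd.read_text(errors="replace"))]


if __name__ == "__main__":
    for queue in audit():
        print(f"{queue}: jobs are routed through {TARGET}")
```

Run it with enough privilege to read the PPD directory; queues it lists are the ones to prioritise when applying the remediation.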

Remediation

Users can upgrade to CUPS-Filters version 2.0.1 or later to address this vulnerability.

Added: Nov 20, 2025, 6:17 PM
Updated: Nov 20, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 10.0
exploitability: 4.3
remediation: 7.7
relevance: 1.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.