CVE-2007-6358 Affecting cups package, versions <1.3.5-1


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
0.04% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN12-CUPS-1544038
  • published15 Dec 2007
  • disclosed15 Dec 2007

Introduced: 15 Dec 2007

CVE-2007-6358  (opens in a new tab)

How to fix?

Upgrade Debian:12 cups to version 1.3.5-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream cups package and not the cups package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.

CVSS Scores

version 3.1