Launchpad CVE tracker

CVE 2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

Related bugs and status

CVE-2013-6476 (Candidate) is related to these bugs:

Bug #1178172: cups does not start when avahi-daemon is not installed

Summary				In	Importance	Status
	1178172	cups does not start when avahi-daemon is not installed		cups (Ubuntu)	Undecided	Fix Released
	1178172	cups does not start when avahi-daemon is not installed		cups-filters (Ubuntu)	Undecided	Fix Released

Bug #1242185: [regression] cups-daemon hard-depends on avahi-daemon

		In	Importance	Status
1242185	[regression] cups-daemon hard-depends on avahi-daemon	cups (Ubuntu)	Undecided	Fix Released
1242185	[regression] cups-daemon hard-depends on avahi-daemon	upstart (Ubuntu)	High	Confirmed
1242185	[regression] cups-daemon hard-depends on avahi-daemon	cups-filters (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-6476

References