{"id":"DEBIAN-CVE-2008-5286","details":"Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.","modified":"2025-11-19T02:02:44.030774Z","published":"2008-12-01T15:30:03.640Z","upstream":["CVE-2008-5286"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2008-5286"}],"affected":[{"package":{"name":"cups","ecosystem":"Debian:11","purl":"pkg:deb/debian/cups?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.8-1lenny4"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5286.json"}},{"package":{"name":"cups","ecosystem":"Debian:12","purl":"pkg:deb/debian/cups?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.8-1lenny4"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5286.json"}},{"package":{"name":"cups","ecosystem":"Debian:13","purl":"pkg:deb/debian/cups?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.8-1lenny4"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5286.json"}},{"package":{"name":"cups","ecosystem":"Debian:14","purl":"pkg:deb/debian/cups?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.8-1lenny4"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5286.json"}}],"schema_version":"1.7.3"}