Description
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Apple / cups1.4.4
- Apple / mac_os_x10.5.8
- Apple / mac_os_x_server10.5.8
- Canonical / Ubuntu Linux6.06 – 6.06
- Canonical / Ubuntu Linux8.04 – 8.04
- Canonical / Ubuntu Linux9.10 – 9.10
- Canonical / Ubuntu Linux10.04 – 10.04
- Canonical / Ubuntu Linux10.10 – 10.10
- Debian / debian_linux5.0 – 5.0
- fedoraproject / fedora13 – 13
- fedoraproject / fedora14 – 14
- fedoraproject / fedora12 – 12
- openSUSE / opensuse11.1 – 11.1
- openSUSE / opensuse11.2 – 11.2
- openSUSE / opensuse11.3 – 11.3
- RedHat / enterprise_linux5.0 – 5.0
- RedHat / enterprise_linux6.0 – 6.0
- RedHat / enterprise_linux_desktop5.0 – 5.0
- RedHat / enterprise_linux_server5.0 – 5.0
- RedHat / enterprise_linux_workstation5.0 – 5.0
- SUSE / linux_enterprise11.0 – 11.0
- SUSE / linux_enterprise11.0 – 11.0
- SUSE / linux_enterprise10.0 – 10.0
- SUSE / linux_enterprise_server9 – 9
References
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:234
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4435
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/3042
- MISChttp://rhn.redhat.com/errata/RHSA-2010-0811.html
- MISChttp://www.redhat.com/support/errata/RHSA-2010-0866.html
- MISChttp://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:232
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2856
- VENDOR_ADVISORYhttp://www.debian.org/security/2011/dsa-2176
- MISChttp://securitytracker.com/id?1024662
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/42867
- MISChttp://security.gentoo.org/glsa/glsa-201207-10.xml
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0061
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0535
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1012-1
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:233
- VENDOR_ADVISORYhttp://secunia.com/advisories/42287
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=624438
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/62882
- VENDOR_ADVISORYhttp://secunia.com/advisories/43521
- MISChttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323
- MISChttp://www.osvdb.org/68951
- MISChttp://www.securityfocus.com/bid/44530
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/3088