CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
90.6%
Gentoo security team summarizes:
The following issues were reported in CUPS:
iDefense reported an integer overflow in the
_cupsImageReadTIFF() function in the βimagetopsβ filter,
leading to a heap-based buffer overflow (CVE-2009-0163).
Aaron Siegel of Apple Product Security reported that the
CUPS web interface does not verify the content of the βHostβ
HTTP header properly (CVE-2009-0164).
Braden Thomas and Drew Yao of Apple Product Security
reported that CUPS is vulnerable to CVE-2009-0146,
CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and
poppler.
A remote attacker might send or entice a user to send a
specially crafted print job to CUPS, possibly resulting in the
execution of arbitrary code with the privileges of the
configured CUPS user β by default this is βlpβ, or a Denial
of Service. Furthermore, the web interface could be used to
conduct DNS rebinding attacks.