GoogleOSV:DSA-1530-1cupsys - multiple vulnerabilities
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.86 High
EPSS
Percentile
98.1%
Several local/remote vulnerabilities have been discovered in cupsys, the
Common Unix Printing System. The Common Vulnerabilities and Exposures
project identifies the following problems:
Heap-based buffer overflow in CUPS, when printer sharing is enabled,
allows remote attackers to execute arbitrary code via crafted search
expressions.
Double free vulnerability in the process_browse_data function in CUPS
1.3.5 allows remote attackers to cause a denial of service (daemon
crash) and possibly the execution of arbitrary code via crafted packets to the
cupsd port (631/udp), related to an unspecified manipulation of a
remote printer.
For the stable distribution (etch), these problems have been fixed in
version 1.2.7-4etch3.
We recommend that you upgrade your cupsys packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cupsys | eq | 1.2.7-4 | |
| cupsys | eq | 1.2.7-4etch1 | |
| cupsys | eq | 1.2.7-4etch2 |
References
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.86 High
EPSS
Percentile
98.1%