Cups@1.2.12 Security Vulnerabilities and Issues — Cups@1.2.12 CVE List

Lucene search

AppleCups1.2.12

6 matches found

CVE•added 2008/11/21 2:30 a.m.•625 views

CVE-2008-5184

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

10CVSS7.4AI score0.00285EPSS

CVE•added 2008/10/10 10:30 a.m.•375 views

CVE-2008-3641

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

10CVSS7.8AI score0.49016EPSS

CVE•added 2008/03/18 11:44 p.m.•288 views

CVE-2008-0053

Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.

10CVSS9.5AI score0.17193EPSS

CVE•added 2008/12/01 3:30 p.m.•108 views

CVE-2008-5286

Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.

7.5CVSS7.9AI score0.10607EPSS

CVE•added 2008/10/14 9:10 p.m.•102 views

CVE-2008-3639

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

7.5CVSS7.9AI score0.10222EPSS

CVE•added 2008/10/14 9:10 p.m.•79 views

CVE-2008-3640

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

6.8CVSS7.9AI score0.11527EPSS