Cups Security Vulnerabilities and Issues — Cups CVE List

Lucene search

Easy Software ProductsCups

13 matches found

CVE•added 2006/01/06 10:0 p.m.•79 views

CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5CVSS6.3AI score0.07223EPSS

CVE•added 2006/01/06 10:0 p.m.•78 views

CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5CVSS6.1AI score0.09167EPSS

CVE•added 2008/04/04 12:44 a.m.•68 views

CVE-2008-1373

Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.

5.8CVSS7.8AI score0.07511EPSS

CVE•added 2004/09/28 4:0 a.m.•67 views

CVE-2004-0558

The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.

5CVSS6.1AI score0.08705EPSS

CVE•added 2005/01/10 5:0 a.m.•56 views

CVE-2004-1269

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

5CVSS6AI score0.08636EPSS

CVE•added 2005/09/13 10:3 p.m.•56 views

CVE-2005-2874

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "...." URL in an HTTP request.

5CVSS6.2AI score0.01434EPSS

CVE•added 2008/02/26 12:44 a.m.•47 views

CVE-2008-0596

Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.

5CVSS9AI score0.03849EPSS

CVE•added 2008/02/26 12:44 a.m.•44 views

CVE-2008-0597

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

5CVSS6.3AI score0.05278EPSS

CVE•added 2005/01/27 5:0 a.m.•43 views

CVE-2004-0924

NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.

5CVSS6.7AI score0.00296EPSS

CVE•added 2005/08/19 4:0 a.m.•43 views

CVE-2005-2525

CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).

5CVSS9.2AI score0.00739EPSS

CVE•added 2003/12/01 5:0 a.m.•41 views

CVE-2003-0788

Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).

5CVSS6.6AI score0.01928EPSS

CVE•added 2005/01/27 5:0 a.m.•40 views

CVE-2004-0927

ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.

5CVSS6.7AI score0.00186EPSS

CVE•added 2005/08/19 4:0 a.m.•36 views

CVE-2005-2526

CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.

5CVSS9AI score0.00739EPSS