CVE-2009-3553

2009-11-1900:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.084 Low

EPSS

Percentile

94.3%

JSON

Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to
cause a denial of service (daemon crash or hang) via a client disconnection
during listing of a large number of print jobs, related to improperly
maintaining a reference count. NOTE: some of these details are obtained
from third party information.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu8.10noarchcups< 1.3.9-2ubuntu9.5UNKNOWN
ubuntu9.04noarchcups< 1.3.9-17ubuntu3.6UNKNOWN
ubuntu9.10noarchcups< 1.4.1-5ubuntu2.4UNKNOWN
ubuntu8.04noarchcupsys< 1.3.7-1ubuntu3.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.10	noarch	cups	< 1.3.9-2ubuntu9.5	UNKNOWN
ubuntu	9.04	noarch	cups	< 1.3.9-17ubuntu3.6	UNKNOWN
ubuntu	9.10	noarch	cups	< 1.4.1-5ubuntu2.4	UNKNOWN
ubuntu	8.04	noarch	cupsys	< 1.3.7-1ubuntu3.8	UNKNOWN