Arbitrary Code Execution

2020-04-1000:44:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

cups is vulnerable to arbitrary code execution. The vulnerability exists as a missing memory allocation failure check flaw, leading to a NULL pointer dereference, was found in the CUPS “texttops” filter. An attacker could create a malicious text file that would cause “texttops” to crash or, potentially, execute arbitrary code as the “lp” user if the file was printed.

CPENameOperatorVersion
cupseq1.2.4__11.18.el5_2.1
cupseq1.2.4__11.5.1.el5
cupseq1.2.4__11.14.el5
cupseq1.3.7__11.el5_4.5
cupseq1.1.22__0.rc1.9.27.el4_7.1
cupseq1.3.7__8.el5
cupseq1.2.4__11.14.el5_1.4
cupseq1.3.7__11.el5_4.6
cupseq1.2.4__11.14.el5_1.6
cupseq1.2.4__11.18.el5_2.2

Name	Operator	Version
cups	eq	1.2.4__11.18.el5_2.1
cups	eq	1.2.4__11.5.1.el5
cups	eq	1.2.4__11.14.el5
cups	eq	1.3.7__11.el5_4.5
cups	eq	1.1.22__0.rc1.9.27.el4_7.1
cups	eq	1.3.7__8.el5
cups	eq	1.2.4__11.14.el5_1.4
cups	eq	1.3.7__11.el5_4.6
cups	eq	1.2.4__11.14.el5_1.6
cups	eq	1.2.4__11.18.el5_2.2