CVSS: 8.8EPSS: 7%CPEs: 93EXPL: 0CVE-2011-3170
https://notcve.org/view.php?id=CVE-2011-3170
19 Aug 2011 — The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. La función gif_read_lzw en filter/image-gif.c en CUPS v1.4.8 y anteriores no controla correctamente la primera WORD de código en un flujo LZW, lo que permite provocar un desbordamiento de búfer basad... • http://cups.org/str.php?L3914 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 27%CPEs: 26EXPL: 0CVE-2010-2941 – cups: cupsd memory corruption vulnerability
https://notcve.org/view.php?id=CVE-2010-2941
05 Nov 2010 — ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. ipp.c en cupsd en CUPS v1.4.4 y anteriores no asigna correctamente memoria para valores de atributo con tipos de datos de cadena inválidos, permitiendo a atacantes remotos provocar una denegación de servicio (uso después de ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-416: Use After Free •