CVSS: 7.5EPSS: 7%CPEs: 16EXPL: 0CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. Vulnerabilidad de uso despues de liberacion en el interfaz de gestion de descriptores de fichero en la funcion cupsdDoSelect en scheduler/select.c en the scheduler en cupsd en CUPS v1.3.7, v1.3.9, v1.3.10, y v1.4.1, cuando se utiliza kqueue o epoll, permite a atacantes remotos producir una denegacion de servicio (caida de demonio o cuelgue) a traves de la desconexion del cliente durante el listado de un gran numero de trabajos de imporesion, relacionados con el inadecuado mantenimiento del numero de referencias. NOTA: Algunos de los detalles fueron obtenidos de terceras partes. • http://cups.org/articles.php?L596 http://cups.org/str.php?L3490 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html http://secunia.com/advisories/38785 http://secunia.com/advisories/38927 http://secunia.com/advisories/38979 http://secunia.com/advisories/40220 http://security.gentoo.org/glsa/glsa-201207-10.xml http://support.apple.com/kb/HT4188 http://www.mandriva.com&# • CWE-416: Use After Free •
CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0CVE-2009-3553 – cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
https://notcve.org/view.php?id=CVE-2009-3553
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso anterior a la liberación en el descriptor de fichero abstracto de cuelgue de interface en la función cupsdDoSelect en scheduler/select.c en el scheduler en cupsd en CUPS v1.3.7 y v1.3.10 permite a los atacantes remoto causar una denegación de servicio (caída o cuelque del demonio) a través de una desconexión de cliente durante el listado de una elevado número de trabajos de impresión, en relación al mantenimiento inapropiado de un contador de referencia. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://secunia.com/advisories/37360 http://secunia.com/advisories/37364 http://secunia.com/advisories/38241 http://secunia.com/advisories/43521 http://security.gentoo.org/glsa/glsa-201207-10.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1 http://support.apple.com/kb/HT4004 http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs http://www.cups.org/newsgroups.php/newsgr • CWE-416: Use After Free •
CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 0CVE-2009-0791 – xpdf: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0791
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. Múltiples desbordamientos de entero en el filtro pdftops en CUPS v1.1.17, v1.1.22 y v1.3.7 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código de su elección mediante un fichero PDF manipulado que dispara una desbordamiento de búfer basado en memoria dinámica (heap), posiblemente relacionado con (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx y (5) PSOutputDev.cxx en pdftops/. NOTA: el vector JBIG2Stream.cxx podría solapar CVE-2009-1179. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35340 http://secunia.com/advisories/35685 http://secunia.com/advisories/37023 http://secunia.com/advisories/37028 http://secunia.com/advisories/37037 http://secunia.com/advisories/37043 http://secunia.com/advisories/37077 http://secunia.com/advisories/37079 http://securitytracker.com/id?1022326 http://www.mandriva.com/security/advisories?name=MDVSA-2009:334 http://www.redhat. • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 0CVE-2009-1196 – cups: DoS (stop, crash) by renewing CUPS browse packets
https://notcve.org/view.php?id=CVE-2009-1196
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." La funcionalidad directory-services en el planificador (scheduler) en CUPS v1.1.17 y v1.1.22 permite a atacantes remotos provocar una denegación de servicio (parada o caída del demonio cupsd) mediante la manipulación de la cadencia de los paquetes de navegación CUPS, en relación con el problema de punteros "uso después de borrado" ("pointer use-after-delete flaw"). • http://secunia.com/advisories/35340 http://securitytracker.com/id?1022327 http://www.redhat.com/support/errata/RHSA-2009-1083.html http://www.securityfocus.com/bid/35194 http://www.vupen.com/english/advisories/2009/1488 https://bugzilla.redhat.com/show_bug.cgi?id=497135 https://exchange.xforce.ibmcloud.com/vulnerabilities/50944 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11217 https://access.redhat.com/security/cve/CVE-2009-1196 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante una solicitud de programación (scheduler) con dos etiquetas IPP_TAG_UNSUPPORTED consecutivas. • https://www.exploit-db.com/exploits/33020 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35322 http://secunia.com/advisories/35328 http://secunia.com/advisories/35340 http://secunia.com/advisories/35342 http://secunia.com/advisories/35685 http://secunia.com/advisories/36701 http://securitytracker.com/id?1022321 http://support.apple.com/kb/HT3865 http&# • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •