Page 7 of 99 results (0.029 seconds)

CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 0

The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." La funcionalidad directory-services en el planificador (scheduler) en CUPS v1.1.17 y v1.1.22 permite a atacantes remotos provocar una denegación de servicio (parada o caída del demonio cupsd) mediante la manipulación de la cadencia de los paquetes de navegación CUPS, en relación con el problema de punteros "uso después de borrado" ("pointer use-after-delete flaw"). • http://secunia.com/advisories/35340 http://securitytracker.com/id?1022327 http://www.redhat.com/support/errata/RHSA-2009-1083.html http://www.securityfocus.com/bid/35194 http://www.vupen.com/english/advisories/2009/1488 https://bugzilla.redhat.com/show_bug.cgi?id=497135 https://exchange.xforce.ibmcloud.com/vulnerabilities/50944 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11217 https://access.redhat.com/security/cve/CVE-2009-1196 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 3

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante una solicitud de programación (scheduler) con dos etiquetas IPP_TAG_UNSUPPORTED consecutivas. • https://www.exploit-db.com/exploits/33020 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35322 http://secunia.com/advisories/35328 http://secunia.com/advisories/35340 http://secunia.com/advisories/35342 http://secunia.com/advisories/35685 http://secunia.com/advisories/36701 http://securitytracker.com/id?1022321 http://support.apple.com/kb/HT3865 http&# • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •

CVSS: 6.4EPSS: 1%CPEs: 78EXPL: 0

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. La interfaz web de CUPS antes de v1.3.10 no valida la cabecera HTTP Host en una solicitud de un cliente, lo que facilita para realizar ataques de revinculación de DNS a atacantes remotos. • http://bugs.gentoo.org/show_bug.cgi?id=263070 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200904-20.xml http://support.apple.com/kb/HT3549 http://wiki.rpath.com/Advisories:rPSA-2009-0061 http://www.cups.org/articles.php?L582 http://www.cups.org/str.php?L3118 http://www.securityfocus.com/archive/1/502750/100/0/threaded http://www.securityfocus.com/bid/34665 http • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 78EXPL: 0

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. El desbordamiento de enteros en las rutinas de decodificación de imágenes TIFF en CUPS versiones 1.3.9 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) y posiblemente ejecutar código arbitrario por medio de una imagen TIFF diseñada, que no es manejado apropiadamente por la función _cupsImageReadTIFF (1) en el filtro imagetops y (2) el filtro imagetoraster, lo que conduce a un desbordamiento de búfer en la región heap de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://secunia.com/advisories/34481 http://secunia.com/advisories/34722 http://secunia.com/advisories/34747 http://secunia.com/advisories/34756 http://secunia.com/advisories/34852 http://security.gentoo.org/glsa/glsa-200904-20.xml http://wiki.rpath.com/Advisories:rPSA-2009-0061 http://www.cups.org/articles.php?L582 http://www.cups.org/str.php?L3031 http://www.debian.org/security/2009/dsa-1773 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 2%CPEs: 106EXPL: 0

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Múltiples desbordamientos enteros en el decodificador JBIG2 en Xpdf versión 3.02 PL2 y anteriores, CUPS versión 1.3.9 y anterior, y otros productos permiten a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo PDF creado, relacionado a (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg y (3) JBIG2Stream::readGenericBitmap. • http://bugs.gentoo.org/show_bug.cgi?id=263028 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0458.html http://secunia.com/advisori • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •