CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4873
https://notcve.org/view.php?id=CVE-2005-4873
31 Dec 2005 — Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c. • http://www.cups.org/str.php?L1102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 2%CPEs: 127EXPL: 1CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 10%CPEs: 45EXPL: 2CVE-2005-2874
https://notcve.org/view.php?id=CVE-2005-2874
13 Sep 2005 — The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. • http://lwn.net/Alerts/152835 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2526
https://notcve.org/view.php?id=CVE-2005-2526
19 Aug 2005 — CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. • http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2525
https://notcve.org/view.php?id=CVE-2005-2525
19 Aug 2005 — CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt). • http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html •
CVSS: 9.1EPSS: 0%CPEs: 146EXPL: 0CVE-2005-0206
https://notcve.org/view.php?id=CVE-2005-0206
15 Feb 2005 — The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilida... • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2004-2154
https://notcve.org/view.php?id=CVE-2004-2154
31 Dec 2004 — CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive. • http://www.cups.org/str.php?L700 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 1CVE-2004-1268
https://notcve.org/view.php?id=CVE-2004-1268
22 Dec 2004 — lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. • http://tigger.uic.edu/~jlongs2/holes/cups2.txt •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 2CVE-2004-1269 – Easy Software Products LPPassWd 1.1.22 - Resource Limit Denial of Service
https://notcve.org/view.php?id=CVE-2004-1269
22 Dec 2004 — lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. • https://www.exploit-db.com/exploits/25012 •
CVSS: 9.8EPSS: 16%CPEs: 24EXPL: 2CVE-2004-1267 – CUPS 1.1.x - '.HPGL' File Processor Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1267
22 Dec 2004 — Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file. Desbordamiento de búfer en la función ParseCommand en hpgl-input.c del programa hpgltops de CUPS 1.1.22 permite a atacantes remotos ejecutar código arbitrario medianet un fichero HPGL artesanal. • https://www.exploit-db.com/exploits/24977 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •