CVE-2010-0542

CWE-264 CWE-476 — NULL Pointer Dereference10 documents8 sources

Severity

6.8MEDIUM

EPSS

4.4%

top 10.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups

Timeline

PublishedJun 21

Latest updateMay 2

Description

The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debiancups< 1.4.4-1+3

▶NVDapple/cups1.4.3+61

Patches

Patch: cups.org ↗Patch: cups.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-cwfp-wwxr-hhq6: The _WriteProlog function in texttops↗2022-05-02

▶

OSV

CVE-2010-0542: The _WriteProlog function in texttops↗2010-06-21

▶

CVEList

CVE-2010-0542: The _WriteProlog function in texttops↗2010-06-21

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2010-06-21

▶

Red Hat

CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference↗2010-06-17

▶

Debian

CVE-2010-0542: cups - The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem...↗2010

▶

💬Community

Bugzilla

CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack↗2010-11-08

▶

Bugzilla

CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 cups various flaws [fedora-all]↗2010-06-17

▶

Bugzilla

CVE-2010-0542 CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference↗2010-04-30

▶