CVE-2010-2941
published 2010-11-05CVE-2010-2941: ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | <= 1.4.4 | — |
| apple | cups | >= 0 < 1.4.4-7 | 1.4.4-7 |
| apple | cups | >= 0 < 1.4.4-7 | 1.4.4-7 |
| apple | cups | >= 0 < 1.4.4-7 | 1.4.4-7 |
| apple | cups | >= 0 < 1.4.4-7 | 1.4.4-7 |
| apple | mac_os_x | < 10.5.8 | 10.5.8 |
| apple | mac_os_x | 10.6.0 – 10.6.4 | — |
| apple | mac_os_x_server | < 10.5.8 | 10.5.8 |
| apple | mac_os_x_server | 10.6.0 – 10.6.4 | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | cups | < cups 1.4.4-7 (bookworm) | cups 1.4.4-7 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL