CVE-2014-4337 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cups-filters

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

2.1%

top 15.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Cups-filters

Timeline

PublishedJun 22

Latest updateMay 14

Description

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianlinuxfoundation/cups-filters< 1.0.53-1+3

▶NVDlinuxfoundation/cups-filters1.0.52

Patches

Patch: bzr.linuxfoundation.org ↗Patch: bzr.linuxfoundation.org ↗

🔴Vulnerability Details

GHSA

GHSA-chh5-m35x-x292: The process_browse_data function in utils/cups-browsed↗2022-05-14

▶

OSV

CVE-2014-4337: The process_browse_data function in utils/cups-browsed↗2014-06-22

▶

CVEList

CVE-2014-4337: The process_browse_data function in utils/cups-browsed↗2014-06-22

▶

📋Vendor Advisories

Red Hat

cups-filters: cups-browsed DoS via process_browse_data() OOB read↗2014-04-23

▶

Debian

CVE-2014-4337: cups-filters - The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups...↗2014

▶

💬Community

Bugzilla

CVE-2014-4337 cups-filters: cups-browsed DoS via process_browse_data() OOB read↗2014-06-20

▶