Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1158Cups vulnerability

CWE-25413 documents10 sources
Severity
10.0CRITICALNVD
EPSS
81.7%
top 0.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Apple CupsDebian CupsCups+1 more
Timeline
PublishedJun 26
Latest updateMay 17

Description

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

debiandebian/cups< cups 1.7.5-12 (bookworm)
Debianapple/cups< 1.7.5-12+3
Ubuntuapple/cups< 1.7.2-0ubuntu1.6
NVDcups/cups2.0.2

🔴Vulnerability Details

4
GHSA
GHSA-f3f2-vc32-jrrx: The add_job function in scheduler/ipp2022-05-17
OSV
CVE-2015-1158: The add_job function in scheduler/ipp2015-06-26
OSV
cups vulnerabilities2015-06-10
Project0
Owning Internet Printing - A Case Study in Modern Software Exploitation - Project Zero2015-06-01

💥Exploits & PoCs

2
Exploit-DB
CUPS < 2.0.3 - Remote Command Execution2017-02-03
Exploit-DB
CUPS < 2.0.3 - Multiple Vulnerabilities2015-06-22

📋Vendor Advisories

4
Red Hat
cups: incorrect string reference counting (VU#810572)2015-06-10
Ubuntu
CUPS vulnerabilities2015-06-10
Debian
CVE-2015-1158: cups - The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs i...2015
Apple
CVE-2015-1158: OS X Yosemite v10.10.3 and Security Update 2015-004

💬Community

2
Bugzilla
CVE-2015-1158 CVE-2015-1159 cups: various flaws [fedora-all]2015-06-10
Bugzilla
CVE-2015-1158 cups: incorrect string reference counting (VU#810572)2015-05-14
CVE-2015-1158 — Debian Cups vulnerability | cvebase