CVE-2017-18248
published 2018-03-26CVE-2017-18248: The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an…
medium5.3CVSS 3.0
AVNACHPRLUINSUCNINAH
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | < 2.2.6 | 2.2.6 |
| apple | cups | >= 0 < 2.2.6-1 | 2.2.6-1 |
| apple | cups | >= 0 < 2.2.6-1 | 2.2.6-1 |
| apple | cups | >= 0 < 2.2.6-1 | 2.2.6-1 |
| apple | cups | >= 0 < 2.2.6-1 | 2.2.6-1 |
| apple | cups | >= 0 < 1.7.2-0ubuntu1.10 | 1.7.2-0ubuntu1.10 |
| apple | cups | >= 0 < 2.1.3-4ubuntu0.5 | 2.1.3-4ubuntu0.5 |
| apple | cups | >= 0 < 2.2.7-1ubuntu2.1 | 2.2.7-1ubuntu2.1 |
| debian | cups | < cups 2.2.6-1 (bookworm) | cups 2.2.6-1 (bookworm) |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.3MEDIUM