PublicDate: 2008-02-26 00:44:00 UTC
Candidate: CVE-2008-0597
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
Description:
 Use-after-free vulnerability in CUPS before 1.1.22, and possibly other
 versions, allows remote attackers to cause a denial of service (crash) via
 crafted IPP packets.
Ubuntu-Description: 
Notes: 
 jdstrand> patched code doesn't exist in 1.2. Also 1.2 and higher uses
   cupsArrayRestore(), which uses similar checks as the patched code
Bugs: 
 https://bugzilla.redhat.com/show_bug.cgi?id=433847
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_cupsys:
 vendor: https://rhn.redhat.com/errata/RHSA-2008-0153.html
upstream_cupsys: released (1.1.22)
dapper_cupsys: not-affected (1.2.2-0ubuntu0.6.06.6)
edgy_cupsys: not-affected (1.2.4-2ubuntu3.2)
feisty_cupsys: not-affected (1.2.8-0ubuntu8.2)
gutsy_cupsys: not-affected (1.3.2-1ubuntu7.3)
devel_cupsys: not-affected (1.3.6-3ubuntu1)