CVE-2008-0597
Published: 26 February 2008
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
Notes
Author | Note |
---|---|
jdstrand | patched code doesn't exist in 1.2. Also 1.2 and higher uses cupsArrayRestore(), which uses similar checks as the patched code |
Priority
Status
Package | Release | Status |
---|---|---|
cupsys Launchpad, Ubuntu, Debian |
upstream |
Released
(1.1.22)
|
dapper |
Not vulnerable
(1.2.2-0ubuntu0.6.06.6)
|
|
edgy |
Not vulnerable
(1.2.4-2ubuntu3.2)
|
|
feisty |
Not vulnerable
(1.2.8-0ubuntu8.2)
|
|
gutsy |
Not vulnerable
(1.3.2-1ubuntu7.3)
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2008-0153.html |