CVE-2010-2941

EPSS 27.69%
Published 05.11.2010 17:00:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Affected products Warnungen 0 Metrics 3 CWE 1 References 32

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Cups Version <= 1.4.4

Apple ≫ macOS X Version < 10.5.8

Apple ≫ macOS X Version >= 10.6.0 <= 10.6.4

Apple ≫ macOS X Server Version < 10.5.8

Apple ≫ macOS X Server Version >= 10.6.0 <= 10.6.4

Fedoraproject ≫ Fedora Version12

Fedoraproject ≫ Fedora Version13

Fedoraproject ≫ Fedora Version14

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04

Canonical ≫ Ubuntu Linux Version9.10

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version10.10

Debian ≫ Debian Linux Version5.0

Opensuse ≫ Opensuse Version11.1

Opensuse ≫ Opensuse Version11.2

Opensuse ≫ Opensuse Version11.3

Suse ≫ Linux Enterprise Version10.0 Updatesp3

Suse ≫ Linux Enterprise Version11.0 Update-

Suse ≫ Linux Enterprise Version11.0 Updatesp1

Suse ≫ Linux Enterprise Server Version9

Redhat ≫ Enterprise Linux Version5.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Workstation Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	27.69%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Mailing List

http://support.apple.com/kb/HT4435

Broken Link

http://secunia.com/advisories/43521

Broken Link

http://www.debian.org/security/2011/dsa-2176

Third Party Advisory

Mailing List

http://www.vupen.com/english/advisories/2011/0535

Broken Link

http://security.gentoo.org/glsa/glsa-201207-10.xml