cups

Page content
  • Author: voroskoi
  • Vulnerable: 1.3.2-1
  • Unaffected: 1.3.2-2sayshell1

Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the “ippReadIO()” function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. This can be exploited to overwrite one byte on the stack with a zero by sending an IPP request containing specially crafted “textWithLanguage” or “nameWithLanguage” tags. Successful exploitation allows execution of arbitrary code.

CVEs: