Easy Software Products » Cups : Security Vulnerabilities, CVEs, CVSS score >= 4
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Max CVSS
5.8
EPSS Score
95.40%
Published
2008-04-04
Updated
2018-10-11
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
Max CVSS
5.0
EPSS Score
11.40%
Published
2008-02-26
Updated
2018-10-15
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
Max CVSS
5.0
EPSS Score
12.13%
Published
2008-02-26
Updated
2023-02-13
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
42.90%
Published
2007-12-19
Updated
2017-07-29
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
Max CVSS
5.0
EPSS Score
0.52%
Published
2005-12-31
Updated
2018-10-19
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Max CVSS
10.0
EPSS Score
0.61%
Published
2005-12-31
Updated
2018-10-19
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Max CVSS
5.0
EPSS Score
1.28%
Published
2005-12-31
Updated
2018-10-19
The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.
Max CVSS
5.0
EPSS Score
11.92%
Published
2005-09-13
Updated
2017-10-11
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
Max CVSS
5.0
EPSS Score
1.12%
Published
2005-08-19
Updated
2008-09-05
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
Max CVSS
5.0
EPSS Score
1.12%
Published
2005-08-19
Updated
2008-09-05
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Max CVSS
7.5
EPSS Score
0.66%
Published
2005-04-27
Updated
2017-10-11
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.
Max CVSS
5.0
EPSS Score
1.56%
Published
2005-01-10
Updated
2018-10-03
Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.
Max CVSS
6.5
EPSS Score
8.62%
Published
2005-01-10
Updated
2018-10-03
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
Max CVSS
9.3
EPSS Score
6.20%
Published
2005-01-10
Updated
2018-10-03
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
Max CVSS
5.0
EPSS Score
0.15%
Published
2005-01-27
Updated
2008-09-05
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
Max CVSS
10.0
EPSS Score
0.76%
Published
2005-01-27
Updated
2008-09-05
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
Max CVSS
5.0
EPSS Score
0.08%
Published
2005-01-27
Updated
2008-09-05
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
Max CVSS
10.0
EPSS Score
4.64%
Published
2005-01-27
Updated
2017-07-11
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
Max CVSS
10.0
EPSS Score
7.00%
Published
2005-01-27
Updated
2017-10-11
The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.
Max CVSS
5.0
EPSS Score
3.72%
Published
2004-09-28
Updated
2018-03-13
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).
Max CVSS
5.0
EPSS Score
2.95%
Published
2003-12-01
Updated
2017-07-11
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
Max CVSS
7.2
EPSS Score
0.06%
Published
2003-01-02
Updated
2018-05-03
Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.
Max CVSS
10.0
EPSS Score
6.31%
Published
2002-12-26
Updated
2016-10-18
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
Max CVSS
7.5
EPSS Score
1.40%
Published
2002-12-26
Updated
2024-01-21
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
Max CVSS
7.5
EPSS Score
5.13%
Published
2002-12-26
Updated
2017-10-10