|
|
Apple » Cups » 1.1.17 : Security Vulnerabilities Published In 2009 (Denial Of Service)
Cpe Name: cpe:/a:apple:cups:1.1.17
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2009-1196 |
399 |
|
DoS |
2009-06-09 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw." |
|
2 |
CVE-2009-1183 |
399 |
|
DoS |
2009-04-23 |
2012-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. |
|
3 |
CVE-2009-1181 |
399 |
|
DoS |
2009-04-23 |
2012-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. |
|
4 |
CVE-2009-0949 |
399 |
|
DoS |
2009-06-09 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. |
|
5 |
CVE-2009-0799 |
119 |
|
DoS Overflow |
2009-04-23 |
2012-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. |
|
6 |
CVE-2009-0791 |
189 |
|
DoS Exec Code Overflow |
2009-06-09 |
2010-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. |
|
7 |
CVE-2009-0166 |
399 |
|
DoS |
2009-04-23 |
2010-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. |
|
8 |
CVE-2009-0163 |
189 |
|
DoS Exec Code Overflow |
2009-04-23 |
2010-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. |
|
9 |
CVE-2009-0147 |
189 |
|
DoS Overflow |
2009-04-23 |
2010-12-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. |
|
10 |
CVE-2009-0146 |
119 |
|
DoS Overflow |
2009-04-23 |
2010-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. |
Total number of vulnerabilities : 10
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
