CVE-2008-0597 : Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions,

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

Published 2008-02-26 00:44:00

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2008-0597

Easy Software Products » Cups » Version: 1.1.17
cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Desktop » Version: 3.0
When used together with: Redhat » Desktop » Version: 4.0
When used together with: Redhat » Enterprise Linux » Version: As 3
When used together with: Redhat » Enterprise Linux » Version: As 4
When used together with: Redhat » Enterprise Linux » Version: Es 3
When used together with: Redhat » Enterprise Linux » Version: Es 4
When used together with: Redhat » Enterprise Linux » Version: Ws 3
When used together with: Redhat » Enterprise Linux » Version: Ws 4
Easy Software Products » Cups » Version: 1.1.22
cpe:2.3:a:easy_software_products:cups:1.1.22:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Desktop » Version: 3.0
When used together with: Redhat » Desktop » Version: 4.0
When used together with: Redhat » Enterprise Linux » Version: As 3
When used together with: Redhat » Enterprise Linux » Version: As 4
When used together with: Redhat » Enterprise Linux » Version: Es 3
When used together with: Redhat » Enterprise Linux » Version: Es 4
When used together with: Redhat » Enterprise Linux » Version: Ws 3
When used together with: Redhat » Enterprise Linux » Version: Ws 4

Exploit prediction scoring system (EPSS) score for CVE-2008-0597

EPSS FAQ

5.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-0597

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2008-0597

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-0597

http://secunia.com/advisories/29251

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/bid/27988

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050

Mandriva

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0161.html

CVEs referencing this url
http://wiki.rpath.com/Advisories:rPSA-2008-0091

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm

ASA-2008-084 (RHSA-2008-0153)

CVEs referencing this url
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0091

CVEs referencing this url
http://secunia.com/advisories/29087

Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9492
http://secunia.com/advisories/29189

CVEs referencing this url
https://issues.rpath.com/browse/RPL-2283

CVEs referencing this url
http://www.securityfocus.com/archive/1/488966/100/0/threaded

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/40845
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html

[security-announce] SUSE Security Announcement: cups (SUSE-SA:2008:012) - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://www.securitytracker.com/id?1019497

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0153.html

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2008-098.htm

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-0597

Products affected by CVE-2008-0597

Exploit prediction scoring system (EPSS) score for CVE-2008-0597

CVSS scores for CVE-2008-0597

CWE ids for CVE-2008-0597

References for CVE-2008-0597