CVE-2009-3553

Published: 19 November 2009

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.

Priority

Medium

Status

| Package | Release  | Status                                |
|---------|----------|---------------------------------------|
| cups    | dapper   | Does not exist                        |
| cups    | hardy    | Does not exist                        |
| cups    | intrepid | Released (1.3.9-2ubuntu9.5)           |
| cups    | jaunty   | Released (1.3.9-17ubuntu3.6)          |
| cups    | karmic   | Released (1.4.1-5ubuntu2.4)           |
| cups    | upstream | Released (1.4.2-4)                    |
| cupsys  | dapper   | Not vulnerable (code not present)     |
| cupsys  | hardy    | Released (1.3.7-1ubuntu3.8)           |
| cupsys  | intrepid | Does not exist                        |
| cupsys  | jaunty   | Does not exist                        |
| cupsys  | karmic   | Does not exist                        |
| cupsys  | upstream | Needs triage                          |