Your submission was sent successfully! Close

CVE-2010-2941

Published: 28 October 2010

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Priority

Medium

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (1.4.1-5ubuntu2.7)
lucid
Released (1.4.3-1ubuntu1.3)
maverick
Released (1.4.4-6ubuntu2.2)
upstream Needs triage

cupsys
Launchpad, Ubuntu, Debian
dapper
Released (1.2.2-0ubuntu0.6.06.20)
hardy
Released (1.3.7-1ubuntu3.12)
karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream Needs triage