Your submission was sent successfully! Close

CVE-2010-2941

Published: 28 October 2010

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Priority

Medium

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
Upstream Needs triage

This vulnerability is mitigated in part by an AppArmor profile.
cupsys
Launchpad, Ubuntu, Debian
Upstream Needs triage