U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 45 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2009-0949

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Published: June 09, 2009; 1:30:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2009-0164

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.

Published: April 24, 2009; 11:30:00 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2009-1183

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1182

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-1181

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-1180

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-1179

Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-0800

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-0799

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0166

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0163

Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-0147

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0146

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

Published: April 23, 2009; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0032

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

Published: January 27, 2009; 3:30:00 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2008-5184

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

Published: November 20, 2008; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Published: November 20, 2008; 9:30:00 PM -0500
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2008-3640

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

Published: October 14, 2008; 5:10:35 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-3639

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

Published: October 14, 2008; 5:10:35 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-3641

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

Published: October 10, 2008; 6:30:03 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-1033

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

Published: June 02, 2008; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW