CVE-2010-2941
05.11.2010, 17:00
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apple | cups | 𝑥 ≤ 1.4.4 |
| apple | mac_os_x | 𝑥 < 10.5.8 |
| apple | mac_os_x | 10.6.0 ≤ 𝑥 ≤ 10.6.4 |
| apple | mac_os_x_server | 𝑥 < 10.5.8 |
| apple | mac_os_x_server | 10.6.0 ≤ 𝑥 ≤ 10.6.4 |
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 9.10 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 10.10 |
| debian | debian_linux | 5.0 |
| opensuse | opensuse | 11.1 |
| opensuse | opensuse | 11.2 |
| opensuse | opensuse | 11.3 |
| suse | linux_enterprise | 10.0:sp3 |
| suse | linux_enterprise | 11.0 |
| suse | linux_enterprise | 11.0:sp1 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_workstation | 5.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References