CVE-2010-2941 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
apple	cups	𝑥 ≤ 1.4.4
apple	mac_os_x	𝑥 < 10.5.8
apple	mac_os_x	10.6.0 ≤ 𝑥 ≤ 10.6.4
apple	mac_os_x_server	𝑥 < 10.5.8
apple	mac_os_x_server	10.6.0 ≤ 𝑥 ≤ 10.6.4
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10
debian	debian_linux	5.0
opensuse	opensuse	11.1
opensuse	opensuse	11.2
opensuse	opensuse	11.3
suse	linux_enterprise	10.0:sp3
suse	linux_enterprise	11.0
suse	linux_enterprise	11.0:sp1
redhat	enterprise_linux	5.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_workstation	5.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cups

bookworm	2.4.2-3+deb12u7 fixed
bookworm (security)	2.4.2-3+deb12u8 fixed
bullseye	2.3.3op2-3+deb11u8 fixed
bullseye (security)	2.3.3op2-3+deb11u9 fixed
sid	2.4.10-2 fixed
trixie	2.4.10-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

cups

dapper	dne
hardy	dne
karmic	Fixed 1.4.1-5ubuntu2.7 released
lucid	Fixed 1.4.3-1ubuntu1.3 released
maverick	Fixed 1.4.4-6ubuntu2.2 released

cupsys

dapper	Fixed 1.2.2-0ubuntu0.6.06.20 released
hardy	Fixed 1.3.7-1ubuntu3.12 released
karmic	dne
lucid	dne
maverick	dne

openSUSE / SLES Releases

openSUSE Product

Release

cups

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 12 SP5	1.7.5-20.23.1 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 12 SP5	1.7.5-20.23.1 fixed
suse enterprise server 15	2.2.7-1.24 fixed

cups-client

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 12 SP5	1.7.5-20.23.1 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 12 SP5	1.7.5-20.23.1 fixed
suse enterprise server 15	2.2.7-1.24 fixed

cups-config

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 15	2.2.7-1.24 fixed

cups-devel

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 15	2.2.7-1.24 fixed

cups-libs

suse enterprise sap 12 SP5	1.7.5-20.23.1 fixed
suse enterprise server 12 SP5	1.7.5-20.23.1 fixed

cups-libs-32bit

suse enterprise sap 12 SP5	1.7.5-20.23.1 fixed
suse enterprise server 12 SP5	1.7.5-20.23.1 fixed

cups154

suse enterprise sap 12	1.5.4-2.5 fixed
suse enterprise sap 12 SP3	1.5.4-2.5 fixed
suse enterprise sap 12 SP4	1.5.4-2.5 fixed
suse enterprise sap 12 SP5	1.5.4-2.5 fixed
suse enterprise server 12	1.5.4-2.5 fixed
suse enterprise server 12 SP3	1.5.4-2.5 fixed
suse enterprise server 12 SP4	1.5.4-2.5 fixed
suse enterprise server 12 SP5	1.5.4-2.5 fixed

cups154-client

suse enterprise sap 12	1.5.4-2.5 fixed
suse enterprise sap 12 SP3	1.5.4-2.5 fixed
suse enterprise sap 12 SP4	1.5.4-2.5 fixed
suse enterprise sap 12 SP5	1.5.4-2.5 fixed
suse enterprise server 12	1.5.4-2.5 fixed
suse enterprise server 12 SP3	1.5.4-2.5 fixed
suse enterprise server 12 SP4	1.5.4-2.5 fixed
suse enterprise server 12 SP5	1.5.4-2.5 fixed

cups154-filters

suse enterprise sap 12	1.5.4-2.5 fixed
suse enterprise sap 12 SP3	1.5.4-2.5 fixed
suse enterprise sap 12 SP4	1.5.4-2.5 fixed
suse enterprise sap 12 SP5	1.5.4-2.5 fixed
suse enterprise server 12	1.5.4-2.5 fixed
suse enterprise server 12 SP3	1.5.4-2.5 fixed
suse enterprise server 12 SP4	1.5.4-2.5 fixed
suse enterprise server 12 SP5	1.5.4-2.5 fixed

cups154-libs

suse enterprise sap 12	1.5.4-2.5 fixed
suse enterprise sap 12 SP3	1.5.4-2.5 fixed
suse enterprise sap 12 SP4	1.5.4-2.5 fixed
suse enterprise sap 12 SP5	1.5.4-2.5 fixed
suse enterprise server 12	1.5.4-2.5 fixed
suse enterprise server 12 SP3	1.5.4-2.5 fixed
suse enterprise server 12 SP4	1.5.4-2.5 fixed
suse enterprise server 12 SP5	1.5.4-2.5 fixed

libcups2

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 15	2.2.7-1.24 fixed

libcupscgi1

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 15	2.2.7-1.24 fixed

libcupsimage2

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 15	2.2.7-1.24 fixed

libcupsmime1

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 15	2.2.7-1.24 fixed

libcupsppdc1

suse enterprise desktop 15	2.2.7-1.24 fixed
suse enterprise sap 15	2.2.7-1.24 fixed
suse enterprise server 15	2.2.7-1.24 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

cups

RHEL 6

1:1.4.2-35.el6_0.1

fixed

cups-devel

RHEL 6

1:1.4.2-35.el6_0.1

fixed

cups-libs

RHEL 6

1:1.4.2-35.el6_0.1

fixed

cups-lpd

RHEL 6

1:1.4.2-35.el6_0.1

fixed

cups-php

RHEL 6

1:1.4.2-35.el6_0.1

fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

http://rhn.redhat.com/errata/RHSA-2010-0811.html

http://secunia.com/advisories/42287

http://secunia.com/advisories/42867

http://secunia.com/advisories/43521

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://securitytracker.com/id?1024662

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323

http://support.apple.com/kb/HT4435

http://www.debian.org/security/2011/dsa-2176

http://www.mandriva.com/security/advisories?name=MDVSA-2010:232

http://www.mandriva.com/security/advisories?name=MDVSA-2010:233

http://www.mandriva.com/security/advisories?name=MDVSA-2010:234

http://www.osvdb.org/68951

http://www.redhat.com/support/errata/RHSA-2010-0866.html

http://www.securityfocus.com/bid/44530

http://www.ubuntu.com/usn/USN-1012-1

http://www.vupen.com/english/advisories/2010/2856

http://www.vupen.com/english/advisories/2010/3042

http://www.vupen.com/english/advisories/2010/3088

http://www.vupen.com/english/advisories/2011/0061

http://www.vupen.com/english/advisories/2011/0535

https://bugzilla.redhat.com/show_bug.cgi?id=624438

https://exchange.xforce.ibmcloud.com/vulnerabilities/62882

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

http://rhn.redhat.com/errata/RHSA-2010-0811.html

http://secunia.com/advisories/42287

http://secunia.com/advisories/42867

http://secunia.com/advisories/43521

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://securitytracker.com/id?1024662

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323

http://support.apple.com/kb/HT4435

http://www.debian.org/security/2011/dsa-2176

http://www.mandriva.com/security/advisories?name=MDVSA-2010:232

http://www.mandriva.com/security/advisories?name=MDVSA-2010:233

http://www.mandriva.com/security/advisories?name=MDVSA-2010:234

http://www.osvdb.org/68951

http://www.redhat.com/support/errata/RHSA-2010-0866.html

http://www.securityfocus.com/bid/44530

http://www.ubuntu.com/usn/USN-1012-1

http://www.vupen.com/english/advisories/2010/2856

http://www.vupen.com/english/advisories/2010/3042

http://www.vupen.com/english/advisories/2010/3088

http://www.vupen.com/english/advisories/2011/0061

http://www.vupen.com/english/advisories/2011/0535

https://bugzilla.redhat.com/show_bug.cgi?id=624438

https://exchange.xforce.ibmcloud.com/vulnerabilities/62882