[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250363

 
 

909

 
 

196124

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0542Date: (C)2010-06-21   (M)2024-02-22


The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1024121
BID-40943
SECUNIA-43521
ADV-2011-0535
DSA-2176
GLSA-201207-10
MDVSA-2010:232
MDVSA-2010:234
SUSE-SR:2010:023
http://cups.org/articles.php?L596
http://cups.org/str.php?L3516
http://cups.org/strfiles/3516/str3516.patch
https://bugzilla.redhat.com/show_bug.cgi?id=587746
oval:org.mitre.oval:def:10365

CPE    83
cpe:/a:apple:cups:1.2.12
cpe:/a:apple:cups:1.2.11
cpe:/a:apple:cups:1.3:rc1
cpe:/a:apple:cups:1.3:rc2
...
CWE    1
CWE-264
OVAL    15
oval:org.secpod.oval:def:201723
oval:org.secpod.oval:def:202813
oval:org.secpod.oval:def:202815
oval:org.secpod.oval:def:500488
...

© SecPod Technologies