Summary
Detail | |||
---|---|---|---|
Vendor | Easy Software Products | First view | 2005-09-13 |
Product | Cups | Last view | 2008-02-25 |
Version | 1.1.22 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:easy_software_products:cups |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2008-02-25 | CVE-2008-0597 | Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. |
5 | 2008-02-25 | CVE-2008-0596 | Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
5 | 2005-09-13 | CVE-2005-2874 | The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
80% (4) | CWE-399 | Resource Management Errors |
20% (1) | CWE-189 | Numeric Errors |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
42159 | CUPS Crafted IPP Packets Remote DoS |
42158 | CUPS Add / Remove Shared Printer Request Saturation DoS |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
12834 | CUPS Malformed Traversal HTTP Request Remote DoS |
OpenVAS Exploits
id | Description |
---|---|
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0161-01 File : nvt/gb_RHSA-2008_0161-01_cups.nasl |
2009-03-06 | Name : RedHat Update for cups RHSA-2008:0153-01 File : nvt/gb_RHSA-2008_0153-01_cups.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0161 centos5 x86_64 File : nvt/gb_CESA-2008_0161_cups_centos5_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0161 centos5 i386 File : nvt/gb_CESA-2008_0161_cups_centos5_i386.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0153 centos3 x86_64 File : nvt/gb_CESA-2008_0153_cups_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for cups CESA-2008:0153 centos3 i386 File : nvt/gb_CESA-2008_0153_cups_centos3_i386.nasl |
2009-01-23 | Name : SuSE Update for cups SUSE-SA:2008:012 File : nvt/gb_suse_2008_012.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
2008-09-04 | Name : FreeBSD Ports: cups-base File : nvt/freebsd_cups-base.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 931-1 (xpdf) File : nvt/deb_931_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 962-1 (pdftohtml) File : nvt/deb_962_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 961-1 (pdfkit.framework) File : nvt/deb_961_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 950-1 (cupsys) File : nvt/deb_950_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 940-1 (gpdf) File : nvt/deb_940_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 938-1 (koffice) File : nvt/deb_938_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 937-1 (tetex-bin) File : nvt/deb_937_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 936-1 (libextractor) File : nvt/deb_936_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 932-1 (xpdf) File : nvt/deb_932_1.nasl |
2005-11-03 | Name : CUPS < 1.1.23 Multiple Vulnerabilities File : nvt/cups_multiple_vulnerabilities.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-045-09 xpdf File : nvt/esoft_slk_ssa_2006_045_09.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-045-04 kdegraphics File : nvt/esoft_slk_ssa_2006_045_04.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0153.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0161.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080225_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12099.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-051.nasl - Type: ACT_GATHER_INFO |
2008-03-19 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2008-002.nasl - Type: ACT_GATHER_INFO |
2008-03-07 | Name: The remote openSUSE host is missing a security update. File: suse_cups-5064.nasl - Type: ACT_GATHER_INFO |
2008-03-07 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_cups-5063.nasl - Type: ACT_GATHER_INFO |
2008-02-27 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0161.nasl - Type: ACT_GATHER_INFO |
2008-02-26 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2008-0153.nasl - Type: ACT_GATHER_INFO |
2008-02-26 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0161.nasl - Type: ACT_GATHER_INFO |
2008-02-26 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0153.nasl - Type: ACT_GATHER_INFO |
2007-01-08 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-772.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
2006-07-05 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO |