<p>Upgrade <code>Debian:9</code> <code>cups</code> to version 1.3.6-1 or higher.</p>

Out-of-Bounds Affecting cups package, versions <1.3.6-1

Threat Intelligence

12.29% (96^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN9-CUPS-364557
published 21 Feb 2008
disclosed 21 Feb 2008

Report a new vulnerability Found a mistake?

Introduced: 21 Feb 2008

CVE-2008-0882 Open this link in a new tab CWE-119 Open this link in a new tab

How to fix?

Upgrade Debian:9 cups to version 1.3.6-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream cups package and not the cups package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High