Search Results (72 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2525 2 Apple, Easy Software Products 2 Mac Os X, Cups 2026-04-16 N/A
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
CVE-2005-2526 2 Apple, Easy Software Products 2 Mac Os X, Cups 2026-04-16 N/A
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
CVE-2004-0923 3 Apple, Easy Software Products, Redhat 4 Mac Os X, Mac Os X Server, Cups and 1 more 2026-04-16 N/A
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
CVE-2004-0924 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2026-04-16 N/A
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
CVE-2004-0926 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2026-04-16 N/A
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
CVE-2004-0927 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2026-04-16 N/A
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
CVE-2002-1366 3 Apple, Easy Software Products, Redhat 3 Mac Os X, Cups, Linux 2026-04-16 N/A
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
CVE-2002-1371 3 Apple, Easy Software Products, Redhat 3 Mac Os X, Cups, Linux 2026-04-16 N/A
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
CVE-2014-3537 4 Apple, Canonical, Fedoraproject and 1 more 4 Cups, Ubuntu Linux, Fedora and 1 more 2025-04-12 N/A
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
CVE-2014-5031 3 Apple, Canonical, Redhat 3 Cups, Ubuntu Linux, Enterprise Linux 2025-04-12 N/A
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
CVE-2014-5030 3 Apple, Canonical, Redhat 3 Cups, Ubuntu Linux, Enterprise Linux 2025-04-12 N/A
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
CVE-2014-9679 5 Apple, Canonical, Fedoraproject and 2 more 5 Cups, Ubuntu Linux, Fedora and 2 more 2025-04-12 N/A
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
CVE-2014-5029 3 Apple, Canonical, Redhat 3 Cups, Ubuntu Linux, Enterprise Linux 2025-04-12 N/A
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
CVE-2014-2856 2 Apple, Redhat 2 Cups, Enterprise Linux 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.
CVE-2013-6891 2 Apple, Canonical 2 Cups, Ubuntu Linux 2025-04-11 N/A
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
CVE-2011-2896 4 Apple, Gimp, Redhat and 1 more 4 Cups, Gimp, Enterprise Linux and 1 more 2025-04-11 N/A
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
CVE-2010-3702 9 Apple, Canonical, Debian and 6 more 12 Cups, Ubuntu Linux, Debian Linux and 9 more 2025-04-11 N/A
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2010-2431 2 Apple, Redhat 2 Cups, Enterprise Linux 2025-04-11 N/A
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
CVE-2010-2432 1 Apple 1 Cups 2025-04-11 N/A
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.
CVE-2011-3170 1 Apple 1 Cups 2025-04-11 N/A
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.