Use-After-Free Vulnerability in CUPS by Apple
CVE-2009-3553

7.5 HIGH

Key Information:

Vendor: Apple
Status: Vendor
CVE Published: 20 November 2009

Summary

A use-after-free vulnerability exists in the abstract file-descriptor handling interface of CUPS, in the cupsdDoSelect function. Remote attackers can exploit this flaw to cause a denial of service: the daemon crashes or hangs when a client disconnects while a large number of print jobs are being processed. The issue arises directly from improper management of reference counts, which highlights the importance of safeguarding against such vulnerabilities in service-oriented applications.
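The summary ties the crash to reference counts on file-descriptor records that a dispatch loop is still using when a client disconnects. The C example below is added here as an illustration and is not CUPS source code: it is a simplified model (the names `fd_rec`, `add_fd`, `remove_fd` and `dispatch_all` are hypothetical) of the defensive pattern, where the loop holds its own reference across each callback so a record removed mid-dispatch is freed only after the loop has finished with it.

```c
#include <stdlib.h>

/* Simplified model written for this example; not CUPS source code. */
typedef struct fd_rec {
    int fd;
    int use;                              /* reference count */
    void (*read_cb)(struct fd_rec *);
    struct fd_rec *next;
} fd_rec;

static fd_rec *active;                    /* records currently polled */
static int freed_count;                   /* records actually freed */

static void release(fd_rec *r) { if (--r->use == 0) { free(r); freed_count++; } }

static fd_rec *add_fd(int fd, void (*cb)(fd_rec *)) {
    fd_rec *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    r->fd = fd; r->use = 1; r->read_cb = cb;  /* the list owns one reference */
    r->next = active; active = r;
    return r;
}

/* Unlink a record and drop the list's reference to it. */
static void remove_fd(fd_rec *r) {
    for (fd_rec **p = &active; *p; p = &(*p)->next)
        if (*p == r) { *p = r->next; release(r); return; }
}

static void on_data(fd_rec *r) { (void)r; }             /* ordinary read */
static void on_disconnect(fd_rec *r) { remove_fd(r); }  /* client went away */

/* Hold a reference across the callback; without it, release() inside
 * remove_fd() would free r while the loop still reads r->next. */
static int dispatch_all(void) {
    int handled = 0;
    for (fd_rec *r = active, *next; r; r = next, handled++) {
        r->use++;                         /* retain for the loop */
        r->read_cb(r);                    /* may call remove_fd(r) */
        next = r->next;                   /* safe: r is still allocated */
        release(r);                       /* frees only if already removed */
    }
    return handled;
}

static int count_active(void) {
    int n = 0; for (fd_rec *r = active; r; r = r->next) n++; return n;
}

int main(void) {
    add_fd(3, on_data); add_fd(4, on_disconnect); add_fd(5, on_data);
    return dispatch_all() == 3 && count_active() == 2 && freed_count == 1 ? 0 : 1;
}
```

The model assumes a callback removes only its own record; a callback that removes other records would also need the successor pinned before it runs.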

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
