Remote Code Execution and Denial of Service in CUPS by Apple
CVE-2010-0542

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 21 June 2010

Summary

The _WriteProlog function in the Text Filter subsystem of CUPS earlier than version 1.4.4 contains flaws due to inadequate checks on calloc return values. These flaws may expose the system to remote attackers capable of crafting malicious files, potentially leading to denial of service through NULL pointer dereference or heap memory corruption. In some cases, it may even enable execution of arbitrary code, posing significant security risks to affected systems.

References

https://bugzilla.redhat.com/show_bug.cgi?id=587746

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.securityfocus.com/bid/40943

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 21, 2010
Vulnerability Reserved
Feb 3, 2010