CVE-2015-1158

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cups:cups:*:*:*:*:*:*:*:*

Information

Published : 2015-06-26 03:59

Updated : 2017-09-22 18:29


NVD link : CVE-2015-1158

Mitre link : CVE-2015-1158


JSON object : View

CWE
CWE-254

7PK - Security Features

Advertisement

dedicated server usa

Products Affected

cups

  • cups