Vulnerability CVE-2009-3553: Information
Description
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs | |
37360 | |
http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs | |
RHSA-2009:1595 | |
37364 | |
http://www.cups.org/str.php?L3200 | |
http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs | |
37048 | |
https://bugzilla.redhat.com/show_bug.cgi?id=530111 | |
FEDORA-2009-12652 | |
http://support.apple.com/kb/HT4004 | |
APPLE-SA-2010-01-19-1 | |
38241 | |
ADV-2010-0173 | |
USN-906-1 | |
275230 | |
MDVSA-2010:073 | |
DSA-2176 | |
ADV-2011-0535 | |
43521 | |
GLSA-201207-10 | |
oval:org.mitre.oval:def:11183 | |