CVEs (35)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. |
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. |
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. |
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based...Show more |
18Conectiva DebianEasy Software Products+15 more33Cups Debian LinuxEnterprise Linux+30 moreApr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null derefer...Show more |
18Conectiva DebianEasy Software Products+15 more33Cups Debian LinuxEnterprise Linux+30 moreApr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated usi...Show more |
18Conectiva DebianEasy Software Products+15 more33Cups Debian LinuxEnterprise Linux+30 moreApr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDe...Show more |
The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. |
2Apple Easy Software Products2Cups Mac Os XApr 16, 2026 Aug 19, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. |
2Apple Easy Software Products2Cups Mac Os XApr 16, 2026 Aug 19, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt). |
15Ascii CstexDebian+12 more22Advanced Linux Environment CstetexCups+19 moreApr 16, 2026 Apr 27, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the origin...Show more |
2Apple Easy Software Products3Cups Mac Os XMac Os X ServerApr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions. |
2Apple Easy Software Products3Cups Mac Os XMac Os X ServerApr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image. |
2Apple Easy Software Products3Cups Mac Os XMac Os X ServerApr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not. |
2Apple Easy Software Products3Cups Mac Os XMac Os X ServerApr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords. |
11Debian Easy Software ProductsGentoo+8 more16Cups Debian LinuxEnterprise Linux+13 moreApr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilit...Show more |
11Debian Easy Software ProductsGentoo+8 more16Cups Debian LinuxEnterprise Linux+13 moreApr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code,...Show more |
2Easy Software Products Redhat2Cups Fedora CoreApr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows loc...Show more |
2Easy Software Products Redhat2Cups Fedora CoreApr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. |
2Easy Software Products Redhat2Cups Fedora CoreApr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. |