Buffer overflow in Apple Cups

CVE-2010-1748

The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (pe…

Vulnerability class: Buffer Overflow

EPSS: 0.124 (94.0th percentile) — read the EPSS interpretation.

Affected products

Apple Cups — versions 1.1.12, 1.1.9-1, 1.1.6-3
Apple Mac_os_x — versions 10.6.0, 10.6.3, 10.6.1
Apple Mac_os_x_server — versions 10.6.0, 10.6.3, 10.6.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

APPLE-SA-2010-06-15-1 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
MDVSA-2010:234 (vendor-advisory, x_refsource_MANDRIVA)
ADV-2010-1481 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
product-security@apple.com (x_refsource_CONFIRM)
40871 (Patch, vdb-entry, x_refsource_BID)
MDVSA-2010:232 (vendor-advisory, x_refsource_MANDRIVA)
SUSE-SR:2010:023 (vendor-advisory, x_refsource_SUSE)
DSA-2176 (vendor-advisory, x_refsource_DEBIAN)
product-security@apple.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
GLSA-201207-10 (vendor-advisory, x_refsource_GENTOO)