Buffer overflow in Novell Iprint

CVE-2011-1701

Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.

Vulnerability class: Buffer Overflow

EPSS: 0.128 (94.2th percentile) — read the EPSS interpretation.

Affected products

Novell Iprint — versions 4.26, 4.27, 4.28
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

1025606 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Patch)
44811 (x_refsource_SECUNIA, third-party-advisory)
48124 (vdb-entry, x_refsource_BID)
novell-iprint-profilename-bo(67876) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
20110606 ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)