Buffer overflow in Linuxfoundation Cups-filters

CVE-2014-4337

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

Vulnerability class: Buffer Overflow

EPSS: 0.021 (84.5th percentile) — read the EPSS interpretation.

Affected products

Linuxfoundation Cups-filters
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

RHSA-2014:1795 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
62044 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
68122 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
[oss-security] 20140619 Re: cups-browsed remote exploit (mailing-list, x_refsource_MLIST, Mailing List)