CVE-2017-18248

Published: Mar 26, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update

mailing-list

x_refsource_MLIST

https://github.com/apple/cups/issues/5143

x_refsource_CONFIRM

[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update

mailing-list

x_refsource_MLIST

USN-3713-1

vendor-advisory

x_refsource_UBUNTU

https://security.cucumberlinux.com/security/details.php?id=346

x_refsource_MISC

https://github.com/apple/cups/releases/tag/v2.2.6

x_refsource_CONFIRM

https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-18248

Description

Affected Products

References