CVE-2008-0882

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 1.2.12-r7 CUPS version 1.3.5

Description The issue is related to a double free vulnerability in the process browse data function, which can be exploited by sending crafted UDP Browse packets to the cupsd port (631/udp). This could lead to a denial of service (daemon crash) and potentially allow the execution of arbitrary code. The vulnerability is also related to an unspecified manipulation of a remote printer. Additionally, there are multiple vulnerabilities in the CUPS package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations For CUPS versions prior to 1.2.12-r7, update to version 1.2.12-r7 or later. For CUPS version 1.3.5, consider disabling the process browse data function as a temporary workaround until a patch is available. Restrict access to the cupsd port (631/udp) to minimize the risk of exploitation.