CVE-2010-0302

Name of the Vulnerable Software and Affected Versions CUPS versions 1.3.7 CUPS-devel versions 1.3.7 cups-lpd versions 1.3.7 cups-libs versions 1.3.7

Description The issue is related to a use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function, which can be exploited remotely to cause a denial of service, such as a daemon crash or hang. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited when kqueue or epoll is used, and it is related to improperly maintaining a reference count.

Recommendations For CUPS versions 1.3.7, update to version 1.4.4 or later to resolve the issue. For CUPS-devel versions 1.3.7, update to version 1.4.4 or later to resolve the issue. For cups-lpd versions 1.3.7, update to version 1.4.4 or later to resolve the issue. For cups-libs versions 1.3.7, update to version 1.4.4 or later to resolve the issue.