CVE-2010-4267

Name of the Vulnerable Software and Affected Versions hplip versions 1.6.7 through 3.10.9 hplip3-common version 3.9.8 hplip3-libs version 3.9.8 hplip3-gui version 3.9.8 hpijs version 1.6.7 libsane-hpaio version 1.6.7 libsane-hpaio3 version 3.9.8 hplip version 3.9.8

Description The issue is related to a stack-based buffer overflow in the hpmud get pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP), which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For hplip versions 1.6.7 through 3.10.9, consider updating to a version later than 3.11.10. For hplip3-common version 3.9.8, restrict access to the hpmud get pml function until a patch is available. For hplip3-libs version 3.9.8, avoid using the hpmud get pml function in the affected API endpoint until the issue is resolved. For hplip3-gui version 3.9.8, disable the hpmud get pml function as a temporary workaround until a patch is available. For hpijs version 1.6.7, restrict access to the vulnerable module to minimize the risk of exploitation. For libsane-hpaio version 1.6.7, consider disabling the hpmud get pml function until a patch is available. For libsane-hpaio3 version 3.9.8, avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved. For hplip version 3.9.8, update to a version later than 3.11.10 to resolve the issue.