PT-2002-3149 · Apple · Cups

Published

1970-01-01

Updated

2025-01-16

CVE-2002-1372

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CUPS versions 1.1.14 through 1.1.17

Description The issue is related to multiple vulnerabilities in the CUPS package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service due to resource exhaustion by assigning and not releasing file descriptors.

Recommendations For CUPS versions 1.1.14 through 1.1.17, update to a version that properly checks the return values of file and socket operations to prevent resource exhaustion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

BDU:2015-01804

BDU:2015-01805

BDU:2015-07982

BDU:2015-07983

BDU:2015-07984

BDU:2015-07985

BDU:2015-07986

BDU:2015-07987

CVE-2002-1372

DSA-232

Affected Products

Cups

PT-2002-3149 · Apple · Cups

CVE-2002-1372

Weakness Enumeration

Related Identifiers

Affected Products

References · 36