CVE-2008-5183

Name of the Vulnerable Software and Affected Versions CUPS versions 1.3.9 and earlier cups-devel version 1.2.4 cups-libs version 1.2.4 cups-lpd version 1.2.4 cups version 1.2.4

Description The issue allows local users, and possibly remote attackers, to cause a denial of service by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. This can lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed remotely.

Recommendations For CUPS versions 1.3.9 and earlier, consider disabling the RSS Subscriptions feature until a patch is available. For cups-devel version 1.2.4, restrict access to the vulnerable package to minimize the risk of exploitation. For cups-libs version 1.2.4, avoid using the vulnerable library in applications until the issue is resolved. For cups-lpd version 1.2.4, consider disabling the LPD service until a patch is available. For cups version 1.2.4, restrict access to the vulnerable package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.