CVE-2009-0949

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 1.3.10

Description The issue is related to the ippReadIO function in cups/ipp.c, which does not properly initialize memory for IPP request packets. This allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and daemon crash, via a scheduler request with two consecutive IPP TAG UNSUPPORTED tags.

Recommendations For versions prior to 1.3.10, update to version 1.3.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the scheduler request to minimize the risk of exploitation.