PT-2009-5841 · Apple+1 · Cups+1

Tim Waugh

·

Published

2009-11-18

·

Updated

2024-06-15

·

CVE-2009-3553

CVSS v3.1

7.5

High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: CUPS versions 1.3.7 through 1.3.10
Description: A use-after-free vulnerability exists in the abstract file-descriptor handling interface of the cupsdDoSelect function. It allows remote attackers to cause a denial of service (daemon crash or hang) by disconnecting during the listing of a large number of print jobs. The root cause is an improperly maintained reference count.
Recommendations: For versions 1.3.7 and 1.3.10, consider disabling the cupsdDoSelect function as a temporary workaround until a patch is available. Restrict access to the cupsd scheduler to reduce the risk of exploitation. Avoid using the affected interface to list print jobs until the issue is resolved.
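The reference-count failure described above, as an added illustration that is not CUPS code: a hypothetical select-style scheduler owns a client object, a long job-listing handler works on it, and the peer disconnects mid-listing. The names (client_t, list_jobs, simulate) and the fd value are constructed; freeing is simulated with a flag so both the vulnerable and the corrected variant run without undefined behaviour.

```c
/* Added example (hypothetical, not CUPS code): why a select()-style loop
 * must hold its own reference on the client object it is servicing.
 * Freeing is simulated with an alive flag so the vulnerable variant can
 * run safely; the count it returns would be real use-after-free accesses. */
#include <stdlib.h>

typedef struct client {
    int fd;          /* descriptor being serviced (constructed value) */
    int refcount;    /* holders: the selector plus any handler in progress */
    int alive;       /* 0 once the object has been "freed" */
    int jobs_listed;
} client_t;

static client_t *client_new(int fd) {
    client_t *c = calloc(1, sizeof *c);
    c->fd = fd; c->refcount = 1; c->alive = 1;   /* selector's reference */
    return c;
}
static void client_retain(client_t *c) { c->refcount++; }
static void client_release(client_t *c) {
    if (--c->refcount == 0) c->alive = 0;        /* real code: free(c) */
}

/* Job-listing handler. With take_ref set it retains the client for the
 * duration of its work, so a disconnect (the selector dropping its
 * reference) at iteration disconnect_at cannot release the object mid-loop.
 * Returns how many iterations touched an already "freed" object. */
static int list_jobs(client_t *c, int njobs, int disconnect_at, int take_ref) {
    int bad_accesses = 0;
    if (take_ref) client_retain(c);
    for (int i = 0; i < njobs; i++) {
        if (i == disconnect_at)
            client_release(c);              /* peer hung up: selector lets go */
        if (!c->alive) bad_accesses++;      /* would be a use-after-free */
        c->jobs_listed++;
    }
    if (take_ref) client_release(c);        /* freed here, after the last use */
    return bad_accesses;
}

/* One scheduler pass over a freshly connected client; returns the number
 * of use-after-free accesses the listing made. */
static int simulate(int njobs, int disconnect_at, int take_ref) {
    client_t *c = client_new(7);
    int bad = list_jobs(c, njobs, disconnect_at, take_ref);
    free(c);      /* simulation storage; real code frees inside release */
    return bad;
}
```

Without the handler's own reference, every iteration after the disconnect touches released memory; with it, the object outlives the listing and is released exactly once afterwards.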

Fix

DoS

Use After Free


Weakness Enumeration

Related Identifiers

CVE-2009-3553
DSA-2176-1
OPENSUSE-SU-2024:10075-1
RHSA-2009:1595
RHSA-2009_1595

Affected Products

Cups
Red Hat