CVE-2010-2941

Name of the Vulnerable Software and Affected Versions CUPS versions 1.4.4 and earlier

Description The issue is related to the improper allocation of memory for attribute values with invalid string data types in the ipp.c file of cupsd in CUPS. This can be exploited by remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The vulnerability may lead to a disruption of confidentiality, integrity, and availability of protected information.

Recommendations For CUPS versions 1.4.4 and earlier, consider updating to a version later than 1.4.4 to resolve the issue. As a temporary workaround, restrict access to the vulnerable ipp.c module to minimize the risk of exploitation. Avoid using crafted IPP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but updating to the latest version available is recommended.