CVE-2007-4351

Upstream information

CVE-2007-4351 at MITRE

Description

Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 335635 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SA:2007:058, published Wed, 31 Oct 2007 16:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	`cups >= 1.3.9-8.30.1` `cups-client >= 1.3.9-8.30.1` `cups-libs >= 1.3.9-8.30.1` `cups-libs-32bit >= 1.3.9-8.30.1` `cups-libs-x86 >= 1.3.9-8.30.1`
SUSE Linux Enterprise Server 11 SP2	`cups >= 1.3.9-8.44.1` `cups-client >= 1.3.9-8.44.1` `cups-libs >= 1.3.9-8.44.1` `cups-libs-32bit >= 1.3.9-8.44.1` `cups-libs-x86 >= 1.3.9-8.44.1`
SUSE Linux Enterprise Server 11 SP3	`cups >= 1.3.9-8.46.46.1` `cups-client >= 1.3.9-8.46.46.1` `cups-libs >= 1.3.9-8.46.46.1` `cups-libs-32bit >= 1.3.9-8.46.46.1` `cups-libs-x86 >= 1.3.9-8.46.46.1`
SUSE Linux Enterprise Server 11 SP4	`cups >= 1.3.9-8.46.56.1` `cups-client >= 1.3.9-8.46.56.1` `cups-libs >= 1.3.9-8.46.56.1` `cups-libs-32bit >= 1.3.9-8.46.56.1` `cups-libs-x86 >= 1.3.9-8.46.56.1`
SUSE Linux Enterprise Software Development Kit 11 SP4	`cups-devel >= 1.3.9-8.46.56.1`

CVE-2007-4351

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Support Offerings

Global Services

Support Resources

Partners

Communities

About