Easy Software Products Cups — known CVE vulnerabilities
Every CVE whose affected-product data names Easy Software Products Cups, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2001-0194 — CVSS 10.0 (critical): Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
CVE-2002-1367 — CVSS 10.0 (critical): Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP…
CVE-2002-1369 — CVSS 10.0 (critical): jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the…
CVE-2002-1383 — CVSS 10.0 (critical): Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via…
CVE-2004-0888 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote…
CVE-2004-0889 — CVSS 10.0 (critical): Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of…
CVE-2004-0926 — CVSS 10.0 (critical): Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a…
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2004-1125 — CVSS 9.3 (critical): Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE…
CVE-2007-5849 — CVSS 9.3 (critical): Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers…
CVE-2002-1371 — CVSS 7.5 (high): filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which…
CVE-2002-1368 — CVSS 7.5 (high): Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute…
CVE-2002-0063 — CVSS 7.5 (high): Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or…
CVE-2001-1332 — CVSS 7.5 (high): Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
CVE-2005-0206 — CVSS 7.5 (high): The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux…
CVE-2002-1384 — CVSS 7.2 (high): Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code…
CVE-2004-1267 — CVSS 6.5 (medium): Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute…
CVE-2002-1366 — CVSS 6.2 (medium): Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via…
CVE-2008-1373 — CVSS 5.8 (medium): Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2008-0597 — CVSS 5.0 (medium): Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service…
CVE-2004-0558 — CVSS 5.0 (medium): The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service…
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2003-0788 — CVSS 5.0 (medium): Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a…
CVE-2004-0927 — CVSS 5.0 (medium): ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers…
CVE-2004-1269 — CVSS 5.0 (medium): lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which…
CVE-2004-0924 — CVSS 5.0 (medium): NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it…
CVE-2005-2525 — CVSS 5.0 (medium): CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows…
CVE-2005-2526 — CVSS 5.0 (medium): CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request…
CVE-2005-2874 — CVSS 5.0 (medium): The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of…
CVE-2008-0596 — CVSS 5.0 (medium): Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption…
CVE-2004-1268 — CVSS 2.1 (low): lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling…
CVE-2004-1270 — CVSS 2.1 (low): lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called…
CVE-2004-0923 — CVSS 2.1 (low): CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user…
CVE-2001-1333 — CVSS 1.2 (low): Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to…