CVE-2007-4351

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2007-4351
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2007-10-31 22:46:00 UTC
Updated2018-10-03 21:47:00 UTC
DescriptionOff-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Cups Cups All All All All

References

ReferenceSourceLinkTags
Security Announcement SUSE www.novell.com
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com
rPath update for cups - Advisories - Secunia SECUNIA secunia.com
US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnerabilities CERT www.us-cert.gov US Government Resource
Gentoo update for cups - Advisories - Secunia SECUNIA secunia.com
Repository / Oval Repository OVAL oval.cisecurity.org
Webmail- OVH VUPEN www.vupen.com
USN-539-1: CUPS vulnerability | Ubuntu security notices UBUNTU usn.ubuntu.com
Red Hat update for cups - Advisories - Secunia SECUNIA secunia.com
Ubuntu update for cups - Advisories - Secunia SECUNIA secunia.com
CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability BID www.securityfocus.com
About Security Update 2007-009 CONFIRM docs.info.apple.com
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com
CUPS: Memory corruption — Gentoo Linux Documentation GENTOO security.gentoo.org
Mandriva update for cups - Advisories - Secunia SECUNIA secunia.com
Cisco Security Response: Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability   [Products & Services] - Cisco Systems CISCO www.cisco.com
Missing IPP value length range checks · Issue #2561 · apple/cups · GitHub CONFIRM www.cups.org
Advisories | Mandriva MANDRIVA www.mandriva.com
APPLE-SA-2007-12-17 Security Update 2007-009 APPLE lists.apple.com
IBM X-Force Exchange XF exchange.xforce.ibmcloud.com
Slackware update for cups - Advisories - Secunia SECUNIA secunia.com
issues.rpath.com/browse/RPL-1875 CONFIRM issues.rpath.com
The Slackware Linux Project: Slackware Security Advisories SLACKWARE slackware.com
[SECURITY] Fedora 7 Update: cups-1.2.12-6.fc7 FEDORA www.redhat.com
Debian -- Security Information -- DSA-1407-1 cupsys DEBIAN www.debian.org
Fedora update for cups - Advisories - Secunia SECUNIA secunia.com
CUPS IPP Tags Memory Corruption Vulnerability - Secunia Research - Secunia MISC secunia.com Vendor Advisory
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com
US-CERT Vulnerability Note VU#446897 CERT-VN www.kb.cert.org US Government Resource
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH VUPEN www.vupen.com
Red Hat update for cups - Advisories - Secunia SECUNIA secunia.com
SUSE update for cups - Advisories - Secunia SECUNIA secunia.com
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com
Bug 361661 – CVE-2007-4351 cups boundary error [F7] CONFIRM bugzilla.redhat.com
Debian update for cupsys - Advisories - Secunia SECUNIA secunia.com
SecurityTracker.com Archives - CUPS Buffer Overflow in ippReadIO() Lets Remote Users Execute Arbitrary Code SECTRACK www.securitytracker.com
Webmail - OVH VUPEN www.vupen.com
ASA-2007-476 (RHSA-2007-1023) CONFIRM support.avaya.com
Cisco Wide Area Application Services CUPS IPP Tags Memory Corruption - Advisories - Secunia SECUNIA secunia.com
CUPS IPP Tags Memory Corruption Vulnerability - Advisories - Secunia SECUNIA secunia.com Patch, Vendor Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

OrganizationPublishedContributorStatement
Red Hat2007-11-09Mark J CoxVulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5. This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from https://rhn.redhat.com/cve/CVE-2007-4351.html
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report