{"api_version":"1","generated_at":"2026-04-22T23:21:46+00:00","cve":"CVE-2007-5849","urls":{"html":"https://cve.report/CVE-2007-5849","api":"https://cve.report/api/cve/CVE-2007-5849.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5849","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5849"},"summary":{"title":"CVE-2007-5849","description":"Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-12-19 21:46:00","updated_at":"2017-07-29 01:33:00"},"problem_types":["CWE-189"],"metrics":[],"references":[{"url":"http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml","name":"GLSA-200712-14","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  CUPS: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4242","name":"ADV-2007-4242","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28136","name":"28136","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-352A.html","name":"TA07-352A","refsource":"CERT","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39101","name":"cups-asn1getstring-bo(39101)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28636","name":"28636","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-563-1","name":"USN-563-1","refsource":"UBUNTU","tags":[],"title":"USN-563-1: CUPS vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://docs.info.apple.com/article.html?artnum=307179","name":"http://docs.info.apple.com/article.html?artnum=307179","refsource":"CONFIRM","tags":[],"title":"About Security Update 2007-009","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.debian.org/security/2007/dsa-1437","name":"DSA-1437","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1437-1 cupsys","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html","name":"APPLE-SA-2007-12-17","refsource":"APPLE","tags":[],"title":"APPLE-SA-2007-12-17 Security Update 2007-009","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28113","name":"28113","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for cups - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39097","name":"macos-snmp-bo(39097)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html","name":"SUSE-SA:2008:002","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE Security Announcement: cups (SUSE-SA:2008:002)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26910","name":"26910","refsource":"BID","tags":[],"title":"Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00908.html","name":"FEDORA-2008-0322","refsource":"FEDORA","tags":[],"title":"Fedora 8 Update: cups-1.3.5-2.fc8","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28676","name":"28676","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Fedora update for cups - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4238","name":"ADV-2007-4238","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26917","name":"26917","refsource":"BID","tags":[],"title":"Common UNIX Printing System SNMP 'asn1_get_string()' Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/28129","name":"28129","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"CUPS SNMP Backend \"asn1_get_string()\" Signedness Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/suse_security_summary_report.html","name":"SUSE-SR:2008:002","refsource":"SUSE","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/28200","name":"28200","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Debian update for cupsys - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:036","name":"MDVSA-2008:036","refsource":"MANDRIVA","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.cups.org/str.php?L2589","name":"http://www.cups.org/str.php?L2589","refsource":"CONFIRM","tags":[],"title":"SNMP backend integer underflow/stack overflow in asn1_get_string() · Issue #2589 · apple/cups · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28386","name":"28386","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for cups - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28441","name":"28441","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SUSE update for cups - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.gentoo.org/show_bug.cgi?id=201570","name":"http://bugs.gentoo.org/show_bug.cgi?id=201570","refsource":"CONFIRM","tags":[],"title":"Gentoo Bug 201570 - net-print/cups < 1.2.12-r4 SNMP backend buffer overflow (CVE-2007-5849)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5849","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5849","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5849","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.2.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5849","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"easy_software_products","cpe5":"cups","cpe6":"1.3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2007-5849","organization":"Red Hat","lastmodified":"2008-01-02","contributor":"Joshua Bressers","statementText":"Not vulnerable. This flaw does not affect the version of CUPS shipped in Red Hat Enterprise Linux 3 or 4. After a detailed analysis of this flaw, it has been determined it does not pose a security threat on Red Hat Enterprise Linux 5. For more details regarding this analysis, please see: https://bugzilla.redhat.com/show_bug.cgi?id=415131","cve_year":"2007","cve_id":"5849","crc32":"03f2ab88"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5849","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.cups.org/str.php?L2589","refsource":"CONFIRM","url":"http://www.cups.org/str.php?L2589"},{"name":"cups-asn1getstring-bo(39101)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39101"},{"name":"ADV-2007-4238","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/4238"},{"name":"TA07-352A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA07-352A.html"},{"name":"28129","refsource":"SECUNIA","url":"http://secunia.com/advisories/28129"},{"name":"SUSE-SR:2008:002","refsource":"SUSE","url":"http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"},{"name":"28441","refsource":"SECUNIA","url":"http://secunia.com/advisories/28441"},{"name":"28136","refsource":"SECUNIA","url":"http://secunia.com/advisories/28136"},{"name":"28113","refsource":"SECUNIA","url":"http://secunia.com/advisories/28113"},{"name":"28200","refsource":"SECUNIA","url":"http://secunia.com/advisories/28200"},{"name":"USN-563-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-563-1"},{"name":"GLSA-200712-14","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml"},{"name":"26910","refsource":"BID","url":"http://www.securityfocus.com/bid/26910"},{"name":"SUSE-SA:2008:002","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html"},{"name":"FEDORA-2008-0322","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00908.html"},{"name":"APPLE-SA-2007-12-17","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"},{"name":"28676","refsource":"SECUNIA","url":"http://secunia.com/advisories/28676"},{"name":"DSA-1437","refsource":"DEBIAN","url":"http://www.debian.org/security/2007/dsa-1437"},{"name":"http://docs.info.apple.com/article.html?artnum=307179","refsource":"CONFIRM","url":"http://docs.info.apple.com/article.html?artnum=307179"},{"name":"28386","refsource":"SECUNIA","url":"http://secunia.com/advisories/28386"},{"name":"http://bugs.gentoo.org/show_bug.cgi?id=201570","refsource":"CONFIRM","url":"http://bugs.gentoo.org/show_bug.cgi?id=201570"},{"name":"MDVSA-2008:036","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:036"},{"name":"28636","refsource":"SECUNIA","url":"http://secunia.com/advisories/28636"},{"name":"macos-snmp-bo(39097)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39097"},{"name":"ADV-2007-4242","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/4242"},{"name":"26917","refsource":"BID","url":"http://www.securityfocus.com/bid/26917"}]}},"nvd":{"publishedDate":"2007-12-19 21:46:00","lastModifiedDate":"2017-07-29 01:33:00","problem_types":["CWE-189"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:easy_software_products:cups:1.2.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:easy_software_products:cups:1.2.9:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:easy_software_products:cups:1.2.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:easy_software_products:cups:1.2.12:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:easy_software_products:cups:1.3.3:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5849","Ordinal":"28991","Title":"CVE-2007-5849","CVE":"CVE-2007-5849","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5849","Ordinal":"1","NoteData":"Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"5849","Ordinal":"2","NoteData":"2007-12-19","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5849","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}