New Buffer Overflow Vulnerability in CUPS CGI

CUPS (Common UNIX Printing System), which provides a standard printer interface for various Unix based operating systems, has a new vulnerability.  An unspecified error within the CUPS CGI backend, if exploited by an attacker, could cause a heap-based buffer overflow by sending a specially crafted IPP request.

The ability to execute arbitrary code is possible if exploitation is successful, but it does require the vulnerable system to be sharing printers on the network.  If printer sharing is disabled, exploitation of this vulnerability is limited to malicious local users.

This vulnerability was reported in version 1.3.5, although other versions may also be affected. 

Currently, this vulnerability is unpatched.  The best solution is to restrict access to trusted users only and to disable printer sharing.


Secunia Advisory SA29431:

iDefense Labs:

Posted by Kitch Spicer on March 20, 2008, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at

PDF files can be viewed in Adobe Acrobat Reader.