Skip to navigation

CVE Database

CVE-2007-4351

Impact: Important
Public: 2007-10-31
Bugzilla: 345091: CVE-2007-4351 cups boundary error

Details

The MITRE CVE dictionary describes this issue as:

Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

Find out more about CVE-2007-4351 from the MITRE CVE dictionary and NIST NVD.

Statement

Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5.

This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from

https://rhn.redhat.com/cve/CVE-2007-4351.html

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux version 3 (cups) RHSA-2007:1023 November 07, 2007
Red Hat Enterprise Linux version 4 (cups) RHSA-2007:1022 November 07, 2007
Red Hat Enterprise Linux version 5 (cups) RHSA-2007:1020 October 31, 2007

External References

Acknowledgements

Red Hat would like to thank Alin Rad Pop for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.