|Bugzilla:||345091: CVE-2007-4351 cups boundary error|
The MITRE CVE dictionary describes this issue as:
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5.
This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from
Red Hat security errata
|Red Hat Enterprise Linux version 3 (cups)||RHSA-2007:1023||November 07, 2007|
|Red Hat Enterprise Linux version 4 (cups)||RHSA-2007:1022||November 07, 2007|
|Red Hat Enterprise Linux version 5 (cups)||RHSA-2007:1020||October 31, 2007|
Red Hat would like to thank Alin Rad Pop for reporting this issue.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.