CVE-2010-0393

CVE Database · CVE-2010-0393

CVE-2010-0393

· N/AModified

CVSS v3.1

N/A

EPSS

0.32%

Published

Mar 5, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.

Weaknesses (CWE)

CWE-264

Affected Products (4)

apple · cupsvulnerable

References (18)

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://support.apple.com/kb/HT4077

http://www.cups.org/str.php?L3482

http://www.mandriva.com/security/advisories?name=MDVSA-2010:072

http://www.mandriva.com/security/advisories?name=MDVSA-2010:073

http://www.securityfocus.com/bid/38524

http://www.ubuntu.com/usn/USN-906-1

https://bugzilla.redhat.com/show_bug.cgi?id=558460

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://security.gentoo.org/glsa/glsa-201207-10.xml

http://support.apple.com/kb/HT4077

KEV Catalog EPSS Scores Vendors All CVEs