CVE-2010-2941

CVE Database · CVE-2010-2941

CVE-2010-2941

· CRITICALModified

CVSS v3.1

9.8

EPSS

6.47%

Published

Nov 5, 2010

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416

Affected Products (26)

apple · cupsvulnerable

apple · mac_os_x (up to 10.5.8)vulnerable

apple · mac_os_xvulnerable

apple · mac_os_x_server (up to 10.5.8)vulnerable

apple · mac_os_x_servervulnerable

fedoraproject · fedoravulnerable

canonical · ubuntu_linuxvulnerable