CVE-2017-18248

CVE Database · CVE-2017-18248

CVE-2017-18248

· N/AModified

CVSS v3.1

N/A

EPSS

2.25%

Published

Mar 26, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

Weaknesses (CWE)

CWE-20

Affected Products (1)

apple · cups (up to 2.2.6)vulnerable

References (14)

https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3

PatchThird Party Advisory

https://github.com/apple/cups/issues/5143

ExploitThird Party Advisory

https://github.com/apple/cups/releases/tag/v2.2.6

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html

https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html

https://security.cucumberlinux.com/security/details.php?id=346

ExploitThird Party Advisory

https://usn.ubuntu.com/3713-1/

KEV Catalog EPSS Scores Vendors All CVEs