CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.4%
According to its banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such versions are affected by multiple integer overflow vulnerabilities :
A potential integer overflow in the PNG image validation code in ‘_cupsImageReadPNG()’. (STR #2974)
A heap-based integer overflow in ‘_cupsImageReadTIFF()’. (STR #3031)
The web interface may be vulnerable to DNS rebinding attacks due to a failure to validate the HTTP Host header in incoming requests. (STR #3118)
A heap-based buffer overflow in pdftops. (CVE-2009-0195)
Flawed ‘ip’ structure initialization in the function ‘ippReadIO()’ could allow an attacker to crash the application.
Binary data 4771.prm