CVE-2008-0597

NameCVE-2008-0597
DescriptionUse-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)jessie, jessie (lts)1.7.5-11+deb8u12fixed
stretch (security)2.2.1-8+deb9u8fixed
stretch (lts), stretch2.2.1-8+deb9u12fixed
buster, buster (lts)2.2.10-6+deb10u11fixed
buster (security)2.2.10-6+deb10u10fixed
bullseye2.3.3op2-3+deb11u8fixed
bullseye (security)2.3.3op2-3+deb11u9fixed
bookworm2.4.2-3+deb12u7fixed
bookworm (security)2.4.2-3+deb12u8fixed
sid, trixie2.4.10-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)(not affected)
cupsyssource(unstable)1.2.1-1

Notes

- cups <not-affected> (Vulnerable code not present)
(mimeDeleteType included since 1.2.x
according to maintainer, applies to 1.1.x series only. exact fixed
version in 1.1 unknown but irrelevant. cups package never had 1.1
versions in Debian.

Search for package or bug name: Reporting problems