CVE-2010-0542

Name	CVE-2010-0542
Description	The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2176-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
cups (PTS)	jessie, jessie (lts)	1.7.5-11+deb8u12	fixed
	stretch (security)	2.2.1-8+deb9u8	fixed
	stretch (lts), stretch	2.2.1-8+deb9u12	fixed
	buster, buster (lts)	2.2.10-6+deb10u11	fixed
	buster (security)	2.2.10-6+deb10u10	fixed
	bullseye	2.3.3op2-3+deb11u8	fixed
	bullseye (security)	2.3.3op2-3+deb11u9	fixed
	bookworm	2.4.2-3+deb12u7	fixed
	bookworm (security)	2.4.2-3+deb12u8	fixed
	sid, trixie	2.4.10-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
cups	source	lenny	1.3.8-1+lenny9		DSA-2176-1
cups	source	(unstable)	1.4.4-1