What is the severity of CVE-2009-0949?

CVE-2009-0949 has a severity rating of medium due to its potential to cause denial of service.

How do I fix CVE-2009-0949?

To fix CVE-2009-0949, upgrade to CUPS version 1.3.10 or later.

What type of attack does CVE-2009-0949 allow?

CVE-2009-0949 allows remote attackers to mount a denial of service attack due to null pointer dereference.

Which versions are affected by CVE-2009-0949?

CVE-2009-0949 affects CUPS versions prior to 1.3.10.

What component does CVE-2009-0949 affect?

CVE-2009-0949 affects the cupsd component of the CUPS printing system.

Vulnerability/
CVE-2009-0949

high

7.5

CWE

399 476 908

15/5/2009

9/6/2009

7/8/2024

CVE-2009-0949: Null Pointer Dereference

First published: Fri May 15 2009(Updated: )

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
CUPS	=1.1.20
CUPS	=1.1.5-2
CUPS	=1.1.14
CUPS	=1.3-rc2
CUPS	=1.1.6-1
CUPS	=1.1.18
CUPS	=1.1.12
CUPS	=1.1.5-1
CUPS	=1.3.3
CUPS	=1.1.22
CUPS	=1.2.0
CUPS	=1.1.16
CUPS	=1.3.1
CUPS	=1.1.23-rc1
CUPS	=1.1.20-rc1
CUPS	=1.1.15
CUPS	=1.1.17
CUPS	=1.1.20-rc6
CUPS	=1.2.4
CUPS	=1.1.19-rc1
CUPS	=1.3.2
CUPS	=1.1.22-rc1
CUPS	=1.1.7
CUPS	=1.2-rc2
CUPS	=1.1.6-2
CUPS	=1.3-b1
CUPS	=1.1.3
CUPS	=1.2.3
CUPS	=1.1.21
CUPS	=1.2.9
CUPS	=1.2.10
CUPS	=1.1.4
CUPS	=1.1.23
CUPS	=1.2.6
CUPS	=1.2-b1
CUPS	=1.3.8
CUPS	=1.1.20-rc4
CUPS	=1.1.19
CUPS	=1.1
CUPS	=1.3.4
CUPS	=1.1.8
CUPS	=1.1.5
CUPS	=1.2.1
CUPS	=1.2-rc3
CUPS	=1.1.2
CUPS	=1.1.13
CUPS	=1.1.19-rc4
CUPS	=1.1.9-1
CUPS	=1.2.12
CUPS	=1.1.21-rc2
CUPS	=1.2-b2
CUPS	=1.2.7
CUPS	=1.1.6-3
CUPS	=1.1.20-rc5
CUPS	=1.1.9
CUPS	=1.3.7
CUPS	=1.1.19-rc5
CUPS	=1.2-rc1
CUPS	<=1.3.9
CUPS	=1.1.1
CUPS	=1.2.8
CUPS	=1.2.2
CUPS	=1.1.10
CUPS	=1.2.11
CUPS	=1.1.22-rc2
CUPS	=1.1.21-rc1
CUPS	=1.3-rc1
CUPS	=1.1.11
CUPS	=1.1.19-rc3
CUPS	=1.1.6
CUPS	=1.1.10-1
CUPS	=1.3.0
CUPS	=1.3.5
CUPS	=1.3.6
CUPS	=1.1.20-rc2
CUPS	=1.1.20-rc3
CUPS	=1.2.5
CUPS	=1.1.19-rc2
CUPS	<1.3.10
Ubuntu	=6.06
Ubuntu	=8.04
Ubuntu	=8.10
Ubuntu	=9.04
Debian Linux	=4.0
Debian Linux	=5.0
Debian Linux	=6.0
Apple iOS and macOS	>=10.0.0<10.4.11
Apple iOS and macOS	>=10.5.0<10.5.8
Apple iOS and macOS	>=10.0.0<10.4.11
Apple iOS and macOS	>=10.5.0<10.5.8
openSUSE	=10.3
SUSE Linux Enterprise Server	=9.0
SUSE Linux Enterprise Server	=10.0

Remedy

http://www.debian.org/security/2009/dsa-1811

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0949?
CVE-2009-0949 has a severity rating of medium due to its potential to cause denial of service.
How do I fix CVE-2009-0949?
To fix CVE-2009-0949, upgrade to CUPS version 1.3.10 or later.
What type of attack does CVE-2009-0949 allow?
CVE-2009-0949 allows remote attackers to mount a denial of service attack due to null pointer dereference.
Which versions are affected by CVE-2009-0949?
CVE-2009-0949 affects CUPS versions prior to 1.3.10.
What component does CVE-2009-0949 affect?
CVE-2009-0949 affects the cupsd component of the CUPS printing system.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2009-0949
agent/references
agent/remedy
agent/severity
agent/description
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/apple
canonical/cups
version/cups/1.1.20
version/cups/1.1.5-2
version/cups/1.1.14
version/cups/1.3-rc2
version/cups/1.1.6-1
version/cups/1.1.18
version/cups/1.1.12
version/cups/1.1.5-1
version/cups/1.3.3
version/cups/1.1.22
version/cups/1.2.0
version/cups/1.1.16
version/cups/1.3.1
version/cups/1.1.23-rc1
version/cups/1.1.20-rc1
version/cups/1.1.15
version/cups/1.1.17
version/cups/1.1.20-rc6
version/cups/1.2.4
version/cups/1.1.19-rc1
version/cups/1.3.2
version/cups/1.1.22-rc1
version/cups/1.1.7
version/cups/1.2-rc2
version/cups/1.1.6-2
version/cups/1.3-b1
version/cups/1.1.3
version/cups/1.2.3
version/cups/1.1.21
version/cups/1.2.9
version/cups/1.2.10
version/cups/1.1.4
version/cups/1.1.23
version/cups/1.2.6
version/cups/1.2-b1
version/cups/1.3.8
version/cups/1.1.20-rc4
version/cups/1.1.19
version/cups/1.1
version/cups/1.3.4
version/cups/1.1.8
version/cups/1.1.5
version/cups/1.2.1
version/cups/1.2-rc3
version/cups/1.1.2
version/cups/1.1.13
version/cups/1.1.19-rc4
version/cups/1.1.9-1
version/cups/1.2.12
version/cups/1.1.21-rc2
version/cups/1.2-b2
version/cups/1.2.7
version/cups/1.1.6-3
version/cups/1.1.20-rc5
version/cups/1.1.9
version/cups/1.3.7
version/cups/1.1.19-rc5
version/cups/1.2-rc1
version/cups/1.3.9
version/cups/1.1.1
version/cups/1.2.8
version/cups/1.2.2
version/cups/1.1.10
version/cups/1.2.11
version/cups/1.1.22-rc2
version/cups/1.1.21-rc1
version/cups/1.3-rc1
version/cups/1.1.11
version/cups/1.1.19-rc3
version/cups/1.1.6
version/cups/1.1.10-1
version/cups/1.3.0
version/cups/1.3.5
version/cups/1.3.6
version/cups/1.1.20-rc2
version/cups/1.1.20-rc3
version/cups/1.2.5
version/cups/1.1.19-rc2
vendor/canonical
canonical/ubuntu
version/ubuntu/6.06
version/ubuntu/8.04
version/ubuntu/8.10
version/ubuntu/9.04
vendor/debian
canonical/debian linux
version/debian linux/4.0
version/debian linux/5.0
version/debian linux/6.0
canonical/apple ios and macos
version/apple ios and macos/10.0.0
version/apple ios and macos/10.5.0
vendor/opensuse
canonical/opensuse
version/opensuse/10.3
vendor/suse
canonical/suse linux enterprise server
version/suse linux enterprise server/9.0
version/suse linux enterprise server/10.0