First published: Thu May 14 2015(Updated: )
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple CUPS | <=2.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-1158 is assigned a medium severity rating due to its potential for data corruption and its impact on the affected systems.
To fix CVE-2015-1158, upgrade to CUPS version 2.0.3 or later, which addresses the vulnerability.
CVE-2015-1158 affects CUPS versions prior to 2.0.3.
CVE-2015-1158 does not lead to remote code execution but allows for data corruption through crafted requests.
CVE-2015-1158 can be exploited through crafted IPP_CREATE_JOB or IPP_PRINT_JOB requests.