CVE-2008-0597

NameCVE-2008-0597
DescriptionUse-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)stretch2.2.1-8+deb9u6fixed
stretch (security)2.2.1-8+deb9u7fixed
buster2.2.10-6+deb10u4fixed
bullseye2.3.3op2-3+deb11u1fixed
bookworm, sid2.3.3op2-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)(not affected)
cupsyssource(unstable)1.2.1-1

Notes

- cups <not-affected> (Vulnerable code not present)
(mimeDeleteType included since 1.2.x
according to maintainer, applies to 1.1.x series only. exact fixed
version in 1.1 unknown but irrelevant. cups package never had 1.1
versions in Debian.

Search for package or bug name: Reporting problems