CVE-2010-0542

NameCVE-2010-0542
DescriptionThe _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2176-1
NVD severitymedium (attack range: remote, user-initiated)
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups (PTS)squeeze1.4.4-7+squeeze5fixed
squeeze (security)1.4.4-7+squeeze4fixed
squeeze (lts)1.4.4-7+squeeze8fixed
wheezy1.5.3-5+deb7u4fixed
wheezy (security)1.5.3-5+deb7u6fixed
jessie1.7.5-11fixed
jessie (security)1.7.5-11+deb8u1fixed
stretch, sid1.7.5-12fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cupssource(unstable)1.4.4-1medium
cupssourcelenny1.3.8-1+lenny9mediumDSA-2176-1

Search for package or bug name: Reporting problems