CVE-2002-1368

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

How to fix CVE-2002-1368

To remediate CVE-2002-1368, upgrade the affected package to a fixed version below.

• Debian/cups—upgrade to 1.1.18-1 or later

Is CVE-2002-1368 being exploited?

Moderate — EPSS is 26.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.1.18-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2002-1368