CVE-2008-0882
cupsys - arbitrary code execution
EPSS 23.1%
Description
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
How to fix CVE-2008-0882
To remediate CVE-2008-0882, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.3.6-1 or later
- Debian/cupsys—upgrade to 1.3.5-1+lenny1 or later
Is CVE-2008-0882 being exploited?
Moderate — EPSS is 23.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.3.6-1
- from 0, < 1.3.5-1+lenny1