CVE-2010-0393
cups - arbitrary code execution
EPSS 0.08%
Description
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
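One defensive check for the bug class described above, as an added example (not CUPS code and not the upstream fix): before a string loaded from a message catalog is used as a printf format, confirm it consumes exactly the same arguments as the built-in message, and fall back to the built-in message otherwise. The names `fmt_signature`, `translation_is_safe` and `checked_msg` are hypothetical, and the check deliberately rejects `%n`, `*` and positional (`N$`) arguments.

```c
#include <stdio.h>
#include <string.h>

#define CONV "diouxXeEfFgGaAcsp"   /* conversions accepted; %n is never allowed */

/* Write the length modifiers and conversion letters of fmt into sig
 * ("%s: %ld" -> "sld"). Returns -1 for %n, '*', "N$", a dangling '%',
 * or when sig is too small. */
static int fmt_signature(const char *fmt, char *sig, size_t cap)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;              /* "%%" is a literal percent */
        p += strspn(p, "-+ #0123456789.");      /* flags, width, precision */
        while (*p && strchr("hlLjzt", *p)) {    /* length modifiers */
            if (n + 1 >= cap) return -1;
            sig[n++] = *p++;
        }
        if (*p == '\0' || !strchr(CONV, *p) || n + 1 >= cap) return -1;
        sig[n++] = *p;
    }
    sig[n] = '\0';
    return 0;
}

/* 1 if the translated string consumes exactly the arguments msgid does. */
int translation_is_safe(const char *msgid, const char *msgstr)
{
    char want[64], got[64];
    if (fmt_signature(msgid, want, sizeof want) != 0 ||
        fmt_signature(msgstr, got, sizeof got) != 0)
        return 0;
    return strcmp(want, got) == 0;
}

/* Fall back to the built-in message when the catalog entry does not match. */
const char *checked_msg(const char *msgid, const char *msgstr)
{
    return translation_is_safe(msgid, msgstr) ? msgstr : msgid;
}

int main(void)
{
    /* Constructed catalog entries, not real CUPS strings. */
    const char *id = "Enter password for %s:\n";
    printf(checked_msg(id, "Mot de passe pour %s :\n"), "alice");
    printf(checked_msg(id, "%s %s %n\n"), "alice");   /* rejected: prints id */
    return 0;
}
```

Translations that legitimately reorder arguments are rejected by this strict comparison; a privileged program should also avoid choosing the catalog path from an untrusted environment variable in the first place.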
How to fix CVE-2010-0393
To remediate CVE-2010-0393, upgrade the affected package to one of the fixed versions listed below.
- Debian/cups—upgrade to 1.4.2-9.1 or later
- Debian/cups—upgrade to 1.3.8-1+lenny8 or later
Is CVE-2010-0393 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.4.2-9.1
- from 0, < 1.3.8-1+lenny8