Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cups | Cups | * | 1.3.3 (including) |
| Red Hat Enterprise Linux 3 | RedHat | cups-1:1.1.17-13.3.46 | * |
| Red Hat Enterprise Linux 4 | RedHat | cups-1:1.1.22-0.rc1.9.20.2.el4_5.2 | * |
| Red Hat Enterprise Linux 5 | RedHat | cups-1:1.2.4-11.14.el5_1.1 | * |
| Cupsys | Ubuntu | dapper | * |
| Cupsys | Ubuntu | edgy | * |
| Cupsys | Ubuntu | feisty | * |
| Cupsys | Ubuntu | gutsy | * |
| Cupsys | Ubuntu | upstream | * |