Red Hat Bugzilla – Bug 433825
CVE-2008-0596 cups: memory leak handling IPP browse requests
Last modified: 2016-03-04 06:42:42 EST
Whilst investigating a double-free issue in process_browse_data (Bug #433758) we
discovered that older versions of CUPS as shipped with Enterprise Linux 3 and 4
did not free the MIME type allocated when a remote resource timed out.

A malicious user on the local subnet could send carefully crafted IPP packets to
the UDP port in such a way as to consume memory and lead to a CUPS crash.
This issue was addressed in:
Red Hat Enterprise Linux:
Created attachment 312752
Patch as used in Red Hat Enterprise Linux 4 CUPS packages based on upstream 1.1.22rc1