CVE-2010-2941

9.8 CRITICAL
Published: November 05, 2010 Modified: April 29, 2026
View on NVD

Description

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Source: secalert@redhat.com
Broken Link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Source: secalert@redhat.com
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html
Source: secalert@redhat.com
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html
Source: secalert@redhat.com
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html
Source: secalert@redhat.com
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Source: secalert@redhat.com
Mailing List
http://rhn.redhat.com/errata/RHSA-2010-0811.html
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/42287
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/42867
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/43521
Source: secalert@redhat.com
Broken Link
http://security.gentoo.org/glsa/glsa-201207-10.xml
Source: secalert@redhat.com
Third Party Advisory
http://securitytracker.com/id?1024662
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323
Source: secalert@redhat.com
Broken Link
http://support.apple.com/kb/HT4435
Source: secalert@redhat.com
Broken Link
http://www.debian.org/security/2011/dsa-2176
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
Source: secalert@redhat.com
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
Source: secalert@redhat.com
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
Source: secalert@redhat.com
Broken Link
http://www.osvdb.org/68951
Source: secalert@redhat.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0866.html
Source: secalert@redhat.com
Broken Link
http://www.securityfocus.com/bid/44530
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1012-1
Source: secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2856
Source: secalert@redhat.com
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/3042
Source: secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2010/3088
Source: secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2011/0061
Source: secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2011/0535
Source: secalert@redhat.com
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=624438
Source: secalert@redhat.com
Issue Tracking Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/62882
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050977.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051277.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051301.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://rhn.redhat.com/errata/RHSA-2010-0811.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/42287
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/42867
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/43521
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-201207-10.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securitytracker.com/id?1024662
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.468323
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.apple.com/kb/HT4435
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2011/dsa-2176
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:232
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:233
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:234
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.osvdb.org/68951
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0866.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/44530
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1012-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2856
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/3042
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/3088
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2011/0061
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2011/0535
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=624438
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/62882
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

58 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
21.4%
96th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-416

Affected Vendors

suse canonical debian fedoraproject apple redhat opensuse

Related CVEs

CVE-2026-7855 8.8
CVE-2026-7854 9.8
CVE-2026-42997 7.7
CVE-2026-38428 N/A
CVE-2026-31835 N/A