|Max CVSS||7.9||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in
|07-02-2022 - 18:44||19-08-2011 - 17:55|
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.
|21-07-2021 - 11:39||22-10-2020 - 18:15|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execu
|30-10-2020 - 02:22||27-10-2020 - 20:15|
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this c
|05-08-2019 - 19:15||05-08-2019 - 19:15|
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
|23-09-2017 - 01:29||26-06-2015 - 10:59|
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary
|29-08-2017 - 01:32||20-11-2012 - 00:55|
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbi
|17-08-2017 - 01:32||05-11-2010 - 17:00|
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
|07-01-2017 - 03:00||29-07-2014 - 14:55|