CVE-2017-18248

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

References

Affected packages

Git / github.com/apple/cups

Affected ranges

Type: GIT
Repo: https://github.com/apple/cups
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

49fa4983f25b64ec29d548ffa3b9782426007df3

Fixed

58c36830230dc358da743911e96e5b93d1bd3934

Affected versions

v2.*

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2b1

v2.2b2

v2.2rc1

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "112213689050379869763091164936868892178",
                "5125898567914383932071209695288324311",
                "94597892511592687754632533908968848284",
                "107596180896144356813903740424558780293",
                "37310984600730616868676346740485247858",
                "285621934237924637389210672470562349652",
                "109817770460179768519800577194354418877"
            ]
        },
        "id": "CVE-2017-18248-8782c8d3",
        "source": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
        "target": {
            "file": "scheduler/ipp.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "17709756397698588494258500804977714539",
            "length": 18873.0
        },
        "id": "CVE-2017-18248-932d579e",
        "source": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
        "target": {
            "file": "scheduler/ipp.c",
            "function": "add_job"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false
    }
]