The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
[
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"digest": {
"line_hashes": [
"112213689050379869763091164936868892178",
"5125898567914383932071209695288324311",
"94597892511592687754632533908968848284",
"107596180896144356813903740424558780293",
"37310984600730616868676346740485247858",
"285621934237924637389210672470562349652",
"109817770460179768519800577194354418877"
],
"threshold": 0.9
},
"id": "CVE-2017-18248-8782c8d3",
"signature_version": "v1",
"target": {
"file": "scheduler/ipp.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"digest": {
"length": 18873.0,
"function_hash": "17709756397698588494258500804977714539"
},
"id": "CVE-2017-18248-932d579e",
"signature_version": "v1",
"target": {
"function": "add_job",
"file": "scheduler/ipp.c"
}
}
]