High severity7.5NVD Advisory· Published Mar 5, 2010· Updated Apr 29, 2026

CVE-2010-0302

Description

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Affected products

Apple Inc./Cups
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
Range: <1.4.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <10.5.8
Apple Inc./Mac Os X Server
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Range: <10.5.8
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Fedoraproject/Fedora
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
Red Hat/Enterprise Linux
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
security.gentoo.org/glsa/glsa-201207-10.xmlnvdThird Party Advisory
support.apple.com/kb/HT4188nvdVendor Advisory
www.securityfocus.com/bid/38510nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-906-1nvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2010-0129.htmlnvdThird Party Advisory
cups.org/articles.phpnvdRelease Notes
cups.org/str.phpnvdRelease Notes
lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlnvdMailing List
lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.htmlnvdMailing List
secunia.com/advisories/38785nvdBroken Link
secunia.com/advisories/38927nvdBroken Link
secunia.com/advisories/38979nvdBroken Link
secunia.com/advisories/40220nvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.vupen.com/english/advisories/2010/1481nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000