Unrated severityNVD Advisory· Published Mar 5, 2010· Updated Jun 16, 2026
CVE-2010-0393
CVE-2010-0393
Description
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:1.4.1:*:*:*:*:*:*:*
- Range: 1.2.2, 1.3.7, 1.3.9, 1.4.1
Patches
Vulnerability mechanics
References
9- lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlnvd
- security.gentoo.org/glsa/glsa-201207-10.xmlnvd
- support.apple.com/kb/HT4077nvd
- www.cups.org/str.phpnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/38524nvd
- www.ubuntu.com/usn/USN-906-1nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.