Unrated severityNVD Advisory· Published Jun 26, 2015· Updated May 6, 2026
CVE-2015-1158
CVE-2015-1158
Description
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- www.cups.org/blog.phpnvdVendor Advisory
- www.kb.cert.org/vuls/id/810572nvdThird Party AdvisoryUS Government Resource
- www.cups.org/str.phpnvdVendor Advisory
- googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.htmlnvd
- kb.juniper.net/InfoCenter/indexnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1123.htmlnvd
- www.debian.org/security/2015/dsa-3283nvd
- www.securityfocus.com/bid/75098nvd
- www.securitytracker.com/id/1032556nvd
- www.ubuntu.com/usn/USN-2629-1nvd
- bugzilla.opensuse.org/show_bug.cginvd
- bugzilla.redhat.com/show_bug.cginvd
- code.google.com/p/google-security-research/issues/detailnvd
- github.com/0x00string/oldays/blob/master/CVE-2015-1158.pynvd
- security.gentoo.org/glsa/201510-07nvd
- www.exploit-db.com/exploits/37336/nvd
- www.exploit-db.com/exploits/41233/nvd
News mentions
0No linked articles in our index yet.