This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote printer service is affected by multiple vulnerabilities.
According to its banner, the version of CUPS installed on the remote
host is earlier than 1.3.9. Such versions are affected by several
- The HP-GL/2 filter does not adequately check the ranges
on the pen width and pen color opcodes that allows an
attacker to overwrite memory addresses with arbitrary
data, which may result in execution of arbitrary code
- There is a heap-based buffer overflow in the SGI file
format parsing module that can be triggered with
malformed Run Length Encoded (RLE) data to execute
arbitrary code (STR #2918).
- There is an integer overflow vulnerability in the
'WriteProlog()' function in the 'texttops'
application that can be triggered when calculating
the page size used for storing PostScript data to
execute arbitrary code (STR #2919).
See also :
Upgrade to CUPS version 1.3.9 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true