CUPS < 1.3.6 process_browse_data() Function Double Free DoS
Low Nessus Plugin ID 31131
SynopsisThe remote printer service is prone to a denial of service attack.
DescriptionAccording to its banner, the version of CUPS installed on the remote host contains a double free error in its 'process_browse_data' function when deleting the mime type entry for a remote printer that is being polled. An attacker may be able to leverage this issue to crash the affected service by deleting a printer under his control and then recreating it as a class.
Third-party researchers suggest this vulnerability can be used to execute arbitrary code.
SolutionUpgrade to CUPS version 1.3.6 or later.