CVE-2008-5183

Publication date 21 November 2008

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status

Notes

mdeslaur

Only 1.3.x has rss subscriptions, so dapper is not vulnerable

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

USN-707-1
CUPS vulnerabilities
12 January 2009