Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

1) Multiple errors in the included pdftops program are caused due to the usage of vulnerable Xpdf code and can be exploited to cause crashes or potentially execute arbitrary code.

For more information:
SA34291

2) An integer overflow error in the processing of TIFF files can be exploited to cause a heap-based buffer overflow when printing a specially crafted image.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

3) An error when processing "Host:" headers can be exploited to potentially disclose e.g. CUPS job history or registered CUPS printers via DNS rebinding attacks.

4) An error in the processing of IPP tags below 16 can be exploited to trigger a NULL-pointer dereference and crash the server via a specially crafted IPP request.

The vulnerabilities are reported in versions prior to 1.3.10.

Solution
Update to version 1.3.10.

Provided and/or discovered by
2) Reported via iDefense.
3) Reported by the vendor.
4) Anibal Sacco, CORE IMPACT Exploit Writing Team

Changelog
Further details available to Secunia VIM customers

Original Advisory
Secunia Research:
http://secunia.com/secunia_research/2009-18/

CUPS:
http://cups.org/articles.php?L582
http://cups.org/str.php?L3031
http://cups.org/str.php?L3118

Core Security Technologies:
http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers