CVE-2009-0949

HIGH

CUPS < 1.3.10 - Denial of Service via IPP Request with Consecutive UNSUPPORTED Tags

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0949. PoCs published by Anibal Sacco.

AI-analyzed exploit summary This exploit triggers a NULL-pointer dereference in CUPS by sending a malformed IPP (Internet Printing Protocol) packet with two consecutive IPP_TAG_UNSUPPORTED tags, leading to a denial-of-service (DoS) condition. The PoC constructs a crafted IPP request and sends it to the target CUPS server on port 631.

Description

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Anibal Sacco · pythondoslinux
https://www.exploit-db.com/exploits/33020

This exploit triggers a NULL-pointer dereference in CUPS by sending a malformed IPP (Internet Printing Protocol) packet with two consecutive IPP_TAG_UNSUPPORTED tags, leading to a denial-of-service (DoS) condition. The PoC constructs a crafted IPP request and sends it to the target CUPS server on port 631.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CUPS (Common Unix Printing System) versions affected by CVE-2009-0949
No auth needed
Prerequisites: Network access to the CUPS server on port 631 · CUPS service running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=500972
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35169
Broken Link, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1811
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35340
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35342
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50926
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-780-1
Exploit, Third Party Advisory x_refsource_misc
http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35328
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1082.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT3865
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36701
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504032/100/0/threaded
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1083.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022321
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35322

Scores

CVSS v3 7.5
EPSS 0.1963
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-908
Status published
Products (13)
apple/cups < 1.3.10
apple/mac_os_x 10.0.0 - 10.4.11
apple/mac_os_x_server 10.0.0 - 10.4.11
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
debian/debian_linux 4.0
debian/debian_linux 5.0
debian/debian_linux 6.0
... and 3 more
Published Jun 09, 2009
Tracked Since Feb 18, 2026