CVE-2008-5183

Name: CVE-2008-5183
Creator: NVD / NIST
Published: 2008-11-21T02:30:00.453+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 9.21%

Last modified Jun 16, 2026

CVE-2008-5183 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.. EPSS estimates a 9.21% chance of exploitation in the next 30 days.

Description

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

9.21%

94.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-476

Affected Software

Vendor	Product	Versions
Apple	Cups	<= 1.3.9
Apple	Mac Os X	< 10.5.6
Apple	Mac Os X Server	< 10.5.6
Opensuse	Opensuse	11.0
Debian	Debian Linux	5.0
Debian	Debian Linux	6.0

References

http://lab.gnucitizen.org/projects/cups-0dayBroken Link
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlMailing List
http://secunia.com/advisories/33937Broken Link
http://secunia.com/advisories/43521Broken Link
http://support.apple.com/kb/HT3438Third Party Advisory
http://www.debian.org/security/2011/dsa-2176Third Party Advisory
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028Broken Link
http://www.openwall.com/lists/oss-security/2008/11/19/3Mailing List
http://www.openwall.com/lists/oss-security/2008/11/19/4Mailing List
http://www.openwall.com/lists/oss-security/2008/11/20/1Mailing List
http://www.redhat.com/support/errata/RHSA-2008-1029.htmlBroken Link
http://www.securityfocus.com/bid/32419Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1021396Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2009/0422Broken Link
http://www.vupen.com/english/advisories/2011/0535Broken Link
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/46684Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586Broken Link
https://www.exploit-db.com/exploits/7150Third Party Advisory, VDB Entry
http://lab.gnucitizen.org/projects/cups-0dayBroken Link
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlMailing List
http://secunia.com/advisories/33937Broken Link
http://secunia.com/advisories/43521Broken Link
http://support.apple.com/kb/HT3438Third Party Advisory
http://www.debian.org/security/2011/dsa-2176Third Party Advisory
http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:028Broken Link
http://www.openwall.com/lists/oss-security/2008/11/19/3Mailing List
http://www.openwall.com/lists/oss-security/2008/11/19/4Mailing List
http://www.openwall.com/lists/oss-security/2008/11/20/1Mailing List
http://www.redhat.com/support/errata/RHSA-2008-1029.htmlBroken Link
http://www.securityfocus.com/bid/32419Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1021396Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2009/0422Broken Link
http://www.vupen.com/english/advisories/2011/0535Broken Link
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/298241Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/46684Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10586Broken Link
https://www.exploit-db.com/exploits/7150Third Party Advisory, VDB Entry

Timeline

Published: Nov 21, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-5183?

How severe is CVE-2008-5183?

CVE-2008-5183 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 9.21% probability of exploitation in the next 30 days.

How do I fix CVE-2008-5183?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-5183?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST