The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.7%.
RCE
Cups
NVD
GitHub
Exploit-DB
CVSS 2.0
10.0
EPSS
81.7%
Threat
6.0