Mandriva Linux Security Advisory – Dave Camp at Critical Path Software discovered a buffer overflow in CUPS 1.1.23 and earlier that could allow local admin users to execute arbitrary code via a crafted URI to the CUPS service. The Red Hat Security Team also found two flaws in CUPS 1.1.x where a malicious user on the local subnet could send a set of carefully crafted IPP packets to the UDP port in such a way as to cause CUPS to crash, or to consume memory, leading to a CUPS crash. Finally, another flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port, causing CUPS to crash.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/64076/MDVSA-2008-050.txt
Source: https://packetstormsecurity.com/files/64076/Mandriva-Linux-Security-Advisory-2008-050.html