The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.
Exploitability
AV:NAC:LAu:NImpact
C:NI:NA:P5/AV:N/AC:L/Au:N/C:N/I:N/A:P