Search criteria
42 vulnerabilities found for cups-filters by linuxfoundation
FKIE_CVE-2023-24805
Vulnerability from fkie_nvd - Published: 2023-05-17 18:15 - Updated: 2024-11-21 07:48
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * | |
| linuxfoundation | cups-filters | 2.0 | |
| linuxfoundation | cups-filters | 2.0 | |
| linuxfoundation | cups-filters | 2.0 | |
| linuxfoundation | cups-filters | 2.0 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F579A-B8F0-4F15-A8DA-7D58BF94740A",
"versionEndExcluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "216CAAD0-DBE1-4732-9E7D-1E2F681DC3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "528C776A-D684-4A2B-BD40-4798321169E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "04694E1A-63CE-41E8-A8CA-31368D058EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADB252D-65B1-4591-B3F3-DBCEFD49CC52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) \u003e\u003e 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime."
}
],
"id": "CVE-2023-24805",
"lastModified": "2024-11-21T07:48:25.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-17T18:15:09.177",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.gentoo.org/glsa/202401-06"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5407"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8560
Vulnerability from fkie_nvd - Published: 2016-04-14 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA7078-EB66-4950-A42E-AFA1C4884BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "F820B469-1F21-4E38-9632-3D909B115D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AA59E3-7FCE-408F-9A24-1E4D451BB15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "3975A1BA-90A6-4E16-BA17-CFA62EDB017B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "42C8E1B5-9C65-4067-8FC6-63E286C7C5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1F6317-6CC3-4B1B-8A2C-F131F20395FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "90A028CB-53C4-4FA0-AB46-7FA6A5621D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5BDDFE-93CE-462E-B059-78AE7635491E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "12FAE5EA-91B4-4E3C-863D-BAFA832BD7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2135A-6BB7-4C44-94A9-61C3DAE3BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "C011CFB5-66CF-4E9F-987B-497AF7F7D89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "51BECA9A-9A4F-483D-B0F8-7EDF39653220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "144ADD44-7A0D-41CD-B9DD-8B0D55B30AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "3629070E-A703-42DC-92B5-192D1C4E965A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "BBADA027-AC75-48C1-A374-52D22C916DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "A860B37D-62CB-4421-8A7E-32E944D8BDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "816C584C-B1BE-4EF6-B524-4438006BD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3062CE-C2DC-4920-9C35-B793E0EE367C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*",
"matchCriteriaId": "60466538-FEDC-4B88-B6DC-344770D5BEEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "30C5B79D-E24E-4D10-BA02-9CFD87C77B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "D32FAFD1-9E31-4D59-8B40-D6522566B85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0359678E-7979-47F8-9583-A988211EEC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A512A128-3906-4838-A932-29BA2C327957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "23D7612C-445C-45B1-8320-1086972CA0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "09E4C01C-B275-4092-AF25-803B219C4617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4D6B65-32AB-4845-9C26-F47E5824D4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3913DB-A23C-42EB-B04C-464270C3C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D6C5B9-C91B-4D2E-AFF0-77C2A552F277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA32A4E7-3083-48C3-9131-534996094883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0822E-225D-4534-A6F7-D8E442432CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D31E4828-5DF6-47E7-86AE-CD03259D1E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3DD5E3-C304-4519-BE45-F20276E0DB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D5FB154-6600-4CE1-9811-5BC672D68991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01CE79DA-B5C3-4923-B941-95C4717C8BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "307F7310-F34B-4CEC-B81B-33899006E882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7CC46F-8875-4630-9B1A-278E94A2CD47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB351C4-66F2-4DAE-A34D-E5B2237F1887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9182A35A-C31C-4C8D-917A-C2B2231364AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "63EBEA36-790A-454D-B29F-996D0C0204FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "22E3EC4A-48AE-4039-974D-4D5BE0598A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB8C32D-C84B-4D0D-A145-562904B94C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "66D52942-C9DA-46CF-B066-B2D569EAD5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F54BE2F2-226D-4EAE-BBE3-8B042E2B3914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFE1F4C-3476-4C43-99E7-41846BAE6544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "910858E2-1083-4F9F-827D-E0F8EBA6C1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CB713EAA-C0CB-464B-B9B4-40D9718B9106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6C285215-4125-44E4-A1EC-A2BA92F88251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.4.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un car\u00e1cter ; (punto y coma) en un trabajo de impresi\u00f3n, una vulnerabilidad diferente a CVE-2015-8327."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/184.html\"\u003eCWE-184: Incomplete Blacklist\u003c/a\u003e",
"id": "CVE-2015-8560",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-14T14:59:06.207",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "security@debian.org",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"source": "security@debian.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"source": "security@debian.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2838-2"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8327
Vulnerability from fkie_nvd - Published: 2015-12-17 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
"matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0822E-225D-4534-A6F7-D8E442432CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D31E4828-5DF6-47E7-86AE-CD03259D1E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3DD5E3-C304-4519-BE45-F20276E0DB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D5FB154-6600-4CE1-9811-5BC672D68991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01CE79DA-B5C3-4923-B941-95C4717C8BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "307F7310-F34B-4CEC-B81B-33899006E882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7CC46F-8875-4630-9B1A-278E94A2CD47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB351C4-66F2-4DAE-A34D-E5B2237F1887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9182A35A-C31C-4C8D-917A-C2B2231364AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "63EBEA36-790A-454D-B29F-996D0C0204FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "22E3EC4A-48AE-4039-974D-4D5BE0598A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB8C32D-C84B-4D0D-A145-562904B94C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "66D52942-C9DA-46CF-B066-B2D569EAD5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F54BE2F2-226D-4EAE-BBE3-8B042E2B3914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFE1F4C-3476-4C43-99E7-41846BAE6544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "910858E2-1083-4F9F-827D-E0F8EBA6C1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CB713EAA-C0CB-464B-B9B4-40D9718B9106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6C285215-4125-44E4-A1EC-A2BA92F88251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA7078-EB66-4950-A42E-AFA1C4884BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "F820B469-1F21-4E38-9632-3D909B115D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AA59E3-7FCE-408F-9A24-1E4D451BB15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "3975A1BA-90A6-4E16-BA17-CFA62EDB017B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "42C8E1B5-9C65-4067-8FC6-63E286C7C5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1F6317-6CC3-4B1B-8A2C-F131F20395FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "90A028CB-53C4-4FA0-AB46-7FA6A5621D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5BDDFE-93CE-462E-B059-78AE7635491E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "12FAE5EA-91B4-4E3C-863D-BAFA832BD7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2135A-6BB7-4C44-94A9-61C3DAE3BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "C011CFB5-66CF-4E9F-987B-497AF7F7D89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "51BECA9A-9A4F-483D-B0F8-7EDF39653220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "144ADD44-7A0D-41CD-B9DD-8B0D55B30AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "3629070E-A703-42DC-92B5-192D1C4E965A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "BBADA027-AC75-48C1-A374-52D22C916DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "A860B37D-62CB-4421-8A7E-32E944D8BDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "816C584C-B1BE-4EF6-B524-4438006BD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3062CE-C2DC-4920-9C35-B793E0EE367C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*",
"matchCriteriaId": "60466538-FEDC-4B88-B6DC-344770D5BEEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "30C5B79D-E24E-4D10-BA02-9CFD87C77B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "D32FAFD1-9E31-4D59-8B40-D6522566B85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0359678E-7979-47F8-9583-A988211EEC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A512A128-3906-4838-A932-29BA2C327957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "23D7612C-445C-45B1-8320-1086972CA0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "09E4C01C-B275-4092-AF25-803B219C4617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4D6B65-32AB-4845-9C26-F47E5824D4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3913DB-A23C-42EB-B04C-464270C3C1F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.2.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de caracteres ` (acento grave) en un trabajo de impresi\u00f3n."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/184.html\"\u003eCWE-184: Incomplete Blacklist\u003c/a\u003e",
"id": "CVE-2015-8327",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-12-17T19:59:05.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "cve@mitre.org",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3411"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/78524"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/78524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3279
Vulnerability from fkie_nvd - Published: 2015-07-14 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| canonical | ubuntu_linux | 15.04 | |
| debian | debian_linux | 7.1 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AED437C-DE56-4D45-82B6-F1420AB669D8",
"versionEndIncluding": "1.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en filter/texttopdf.c en texttopdf en cups-filters antes de 1.0.71, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (colapso) o la posibilidad de ejecutar c\u00f3digo arbitrario por medio de una l\u00ednea larga que contiene caracteres anchos manipulada en un trabajo de impresi\u00f3n, lo que desencadena un desbordamiento del buffer basado en memoria din\u00e1mica."
}
],
"id": "CVE-2015-3279",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-14T16:59:03.187",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/75557"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201510-08"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3258
Vulnerability from fkie_nvd - Published: 2015-07-14 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| canonical | ubuntu_linux | 15.04 | |
| debian | debian_linux | 7.1 | |
| debian | debian_linux | 8.0 | |
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AED437C-DE56-4D45-82B6-F1420AB669D8",
"versionEndIncluding": "1.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job."
},
{
"lang": "es",
"value": "Desbordamiento del buffer basado en memoria din\u00e1mica en la funci\u00f3n WriteProlog en filter/texttopdf.c en texttopdf en cups-filters antes del 1.0.70, que permite a atacantes remotos provocar una denegaci\u00f3n de servcio (colapso) o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de una l\u00ednea larga que contiene caracteres anchos en una tarea de impresi\u00f3n."
}
],
"id": "CVE-2015-3258",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-14T16:59:02.203",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/75436"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201510-08"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2265
Vulnerability from fkie_nvd - Published: 2015-03-24 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F50391-99E7-452E-8BE3-414699D543A8",
"versionEndIncluding": "1.0.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
},
{
"lang": "es",
"value": "La funci\u00f3n remove_bad_chars en utils/cups-browsed.c en cups-filters anterior a 1.0.66 permite a impresoras IPP remotas ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell consecutivos en el (1) modelo o (2) PDL. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-2707."
}
],
"id": "CVE-2015-2265",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-24T17:59:09.727",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-4337
Vulnerability from fkie_nvd - Published: 2014-06-22 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABCFE4C-E846-4C01-9518-3FB194E99074",
"versionEndIncluding": "1.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
},
{
"lang": "es",
"value": "La funci\u00f3n process_browse_data en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de datos de paquetes manipulados."
}
],
"id": "CVE-2014-4337",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-22T21:55:03.520",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68122"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-4336
Vulnerability from fkie_nvd - Published: 2014-06-22 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 | Patch, Third Party Advisory | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2014/04/25/7 | Patch, Third Party Advisory | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2014/06/19/12 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/04/25/7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/06/19/12 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABCFE4C-E846-4C01-9518-3FB194E99074",
"versionEndIncluding": "1.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
},
{
"lang": "es",
"value": "La funci\u00f3n generate_local_queue en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a impresoras IPP remotas ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el nombre del anfitri\u00f3n. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-2707."
}
],
"id": "CVE-2014-4336",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-22T21:55:03.457",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-4338
Vulnerability from fkie_nvd - Published: 2014-06-22 21:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABCFE4C-E846-4C01-9518-3FB194E99074",
"versionEndIncluding": "1.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
},
{
"lang": "es",
"value": "cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos evadir restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un directivo cups-browsed.conf BrowseAllow malformado que se interpreta como si cediera acceso de navegaci\u00f3n a todas las direcciones IP."
}
],
"id": "CVE-2014-4338",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-22T21:55:03.690",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2707
Vulnerability from fkie_nvd - Published: 2014-04-17 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | 1.0.41 | |
| linuxfoundation | cups-filters | 1.0.42 | |
| linuxfoundation | cups-filters | 1.0.43 | |
| linuxfoundation | cups-filters | 1.0.44 | |
| linuxfoundation | cups-filters | 1.0.45 | |
| linuxfoundation | cups-filters | 1.0.46 | |
| linuxfoundation | cups-filters | 1.0.47 | |
| linuxfoundation | cups-filters | 1.0.48 | |
| linuxfoundation | cups-filters | 1.0.49 | |
| linuxfoundation | cups-filters | 1.0.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF5B05C-7C56-4FB1-821D-5A919E56C823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
},
{
"lang": "es",
"value": "cups-browsed en cups-filters 1.0.41 anterior a 1.0.51 permite a impresoras IPP remotas ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el (1) modelo o (2) PDL, relacionado con \"scripts de interfaz System V generados para colas.\""
}
],
"id": "CVE-2014-2707",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-17T14:55:11.700",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57530"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-24805 (GCVE-0-2023-24805)
Vulnerability from cvelistv5 – Published: 2023-05-17 17:33 – Updated: 2025-02-13 16:44
VLAI?
Summary
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenPrinting | cups-filters |
Affected:
<= 2.0rc1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"name": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cups-filters",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) \u003e\u003e 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T16:06:11.755Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"name": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"url": "https://security.gentoo.org/glsa/202401-06"
}
],
"source": {
"advisory": "GHSA-gpxc-v2m8-fr3x",
"discovery": "UNKNOWN"
},
"title": "Command injection in cups-filters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-24805",
"datePublished": "2023-05-17T17:33:41.714Z",
"dateReserved": "2023-01-30T14:43:33.703Z",
"dateUpdated": "2025-02-13T16:44:26.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8560 (GCVE-0-2015-8560)
Vulnerability from cvelistv5 – Published: 2016-04-14 14:00 – Updated: 2024-08-06 08:20
VLAI?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3419",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3419",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-8560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3419",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-8560",
"datePublished": "2016-04-14T14:00:00",
"dateReserved": "2015-12-14T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8327 (GCVE-0-2015-8327)
Vulnerability from cvelistv5 – Published: 2015-12-17 19:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2831-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2831-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2831-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8327",
"datePublished": "2015-12-17T19:00:00",
"dateReserved": "2015-11-24T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3279 (GCVE-0-2015-3279)
Vulnerability from cvelistv5 – Published: 2015-07-14 16:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2659-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3279",
"datePublished": "2015-07-14T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3258 (GCVE-0-2015-3258)
Vulnerability from cvelistv5 – Published: 2015-07-14 16:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "75436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "75436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3258",
"datePublished": "2015-07-14T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2265 (GCVE-0-2015-2265)
Vulnerability from cvelistv5 – Published: 2015-03-24 17:00 – Updated: 2024-08-06 05:10
VLAI?
Summary
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0132.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2265",
"datePublished": "2015-03-24T17:00:00",
"dateReserved": "2015-03-09T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4336 (GCVE-0-2014-4336)
Vulnerability from cvelistv5 – Published: 2014-06-22 21:00 – Updated: 2024-08-06 11:12
VLAI?
Summary
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-22T20:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4336",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4337 (GCVE-0-2014-4337)
Vulnerability from cvelistv5 – Published: 2014-06-22 21:00 – Updated: 2024-08-06 11:12
VLAI?
Summary
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4337",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4338 (GCVE-0-2014-4338)
Vulnerability from cvelistv5 – Published: 2014-06-22 21:00 – Updated: 2024-08-06 11:12
VLAI?
Summary
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:34.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68124"
},
{
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4338",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:34.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2707 (GCVE-0-2014-2707)
Vulnerability from cvelistv5 – Published: 2014-04-17 14:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-20T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57530"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2707",
"datePublished": "2014-04-17T14:00:00",
"dateReserved": "2014-04-01T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24805 (GCVE-0-2023-24805)
Vulnerability from nvd – Published: 2023-05-17 17:33 – Updated: 2025-02-13 16:44
VLAI?
Summary
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenPrinting | cups-filters |
Affected:
<= 2.0rc1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"name": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cups-filters",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) \u003e\u003e 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T16:06:11.755Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"name": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"url": "https://security.gentoo.org/glsa/202401-06"
}
],
"source": {
"advisory": "GHSA-gpxc-v2m8-fr3x",
"discovery": "UNKNOWN"
},
"title": "Command injection in cups-filters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-24805",
"datePublished": "2023-05-17T17:33:41.714Z",
"dateReserved": "2023-01-30T14:43:33.703Z",
"dateUpdated": "2025-02-13T16:44:26.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8560 (GCVE-0-2015-8560)
Vulnerability from nvd – Published: 2016-04-14 14:00 – Updated: 2024-08-06 08:20
VLAI?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3419",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3419",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-8560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3419",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-8560",
"datePublished": "2016-04-14T14:00:00",
"dateReserved": "2015-12-14T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8327 (GCVE-0-2015-8327)
Vulnerability from nvd – Published: 2015-12-17 19:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2831-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2831-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2831-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8327",
"datePublished": "2015-12-17T19:00:00",
"dateReserved": "2015-11-24T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3279 (GCVE-0-2015-3279)
Vulnerability from nvd – Published: 2015-07-14 16:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2659-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3279",
"datePublished": "2015-07-14T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3258 (GCVE-0-2015-3258)
Vulnerability from nvd – Published: 2015-07-14 16:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "75436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "75436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3258",
"datePublished": "2015-07-14T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2265 (GCVE-0-2015-2265)
Vulnerability from nvd – Published: 2015-03-24 17:00 – Updated: 2024-08-06 05:10
VLAI?
Summary
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0132.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2265",
"datePublished": "2015-03-24T17:00:00",
"dateReserved": "2015-03-09T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4336 (GCVE-0-2014-4336)
Vulnerability from nvd – Published: 2014-06-22 21:00 – Updated: 2024-08-06 11:12
VLAI?
Summary
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-22T20:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4336",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4337 (GCVE-0-2014-4337)
Vulnerability from nvd – Published: 2014-06-22 21:00 – Updated: 2024-08-06 11:12
VLAI?
Summary
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4337",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4338 (GCVE-0-2014-4338)
Vulnerability from nvd – Published: 2014-06-22 21:00 – Updated: 2024-08-06 11:12
VLAI?
Summary
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:34.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68124"
},
{
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4338",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:34.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2707 (GCVE-0-2014-2707)
Vulnerability from nvd – Published: 2014-04-17 14:00 – Updated: 2024-08-06 10:21
VLAI?
Summary
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-20T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57530"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2707",
"datePublished": "2014-04-17T14:00:00",
"dateReserved": "2014-04-01T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}