All the vulnerabilites related to linuxfoundation - cups-filters
Vulnerability from fkie_nvd
Published
2015-07-14 16:59
Modified
2024-11-21 02:29
Severity ?
Summary
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| canonical | ubuntu_linux | 15.04 | |
| debian | debian_linux | 7.1 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AED437C-DE56-4D45-82B6-F1420AB669D8",
"versionEndIncluding": "1.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en filter/texttopdf.c en texttopdf en cups-filters antes de 1.0.71, que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (colapso) o la posibilidad de ejecutar c\u00f3digo arbitrario por medio de una l\u00ednea larga que contiene caracteres anchos manipulada en un trabajo de impresi\u00f3n, lo que desencadena un desbordamiento del buffer basado en memoria din\u00e1mica."
}
],
"id": "CVE-2015-3279",
"lastModified": "2024-11-21T02:29:03.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-14T16:59:03.187",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/75557"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201510-08"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-17 14:55
Modified
2024-11-21 02:06
Severity ?
Summary
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | 1.0.41 | |
| linuxfoundation | cups-filters | 1.0.42 | |
| linuxfoundation | cups-filters | 1.0.43 | |
| linuxfoundation | cups-filters | 1.0.44 | |
| linuxfoundation | cups-filters | 1.0.45 | |
| linuxfoundation | cups-filters | 1.0.46 | |
| linuxfoundation | cups-filters | 1.0.47 | |
| linuxfoundation | cups-filters | 1.0.48 | |
| linuxfoundation | cups-filters | 1.0.49 | |
| linuxfoundation | cups-filters | 1.0.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF5B05C-7C56-4FB1-821D-5A919E56C823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
},
{
"lang": "es",
"value": "cups-browsed en cups-filters 1.0.41 anterior a 1.0.51 permite a impresoras IPP remotas ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el (1) modelo o (2) PDL, relacionado con \"scripts de interfaz System V generados para colas.\""
}
],
"id": "CVE-2014-2707",
"lastModified": "2024-11-21T02:06:48.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-17T14:55:11.700",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57530"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-22 21:55
Modified
2024-11-21 02:09
Severity ?
Summary
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 | Patch, Third Party Advisory | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2014/04/25/7 | Patch, Third Party Advisory | |
| secalert@redhat.com | http://openwall.com/lists/oss-security/2014/06/19/12 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/04/25/7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/06/19/12 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABCFE4C-E846-4C01-9518-3FB194E99074",
"versionEndIncluding": "1.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
},
{
"lang": "es",
"value": "La funci\u00f3n generate_local_queue en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a impresoras IPP remotas ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el nombre del anfitri\u00f3n. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-2707."
}
],
"id": "CVE-2014-4336",
"lastModified": "2024-11-21T02:09:59.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-22T21:55:03.457",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2024-11-21 01:59
Severity ?
Summary
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20294CE7-12C8-43CA-A702-5ED2A3044FFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96BE9065-DBB6-476F-94E4-9E1ABFE12B6C",
"versionEndIncluding": "1.0.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2537957-4C48-4EAE-8ABE-7007609D470E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB423F2E-D982-4E4E-8BC4-A9422EED0E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79EE8950-8167-40C5-B590-D7E7D8CE8684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "845FC6CC-0419-4E2C-89E9-2E3B4E862DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D38380-F381-4C30-9997-5B0AF4E90084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C007E84B-0215-41DA-90C6-A7AD13CEC2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "31A82F3D-2F83-4C01-AF26-4F3D92B56F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D08737A6-1CCA-435C-9A73-1ECD28F4B38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2C7719-DC78-4D79-B98F-6E9012059D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FBBAD866-D5D9-4CB9-8ED0-DF308A5F6686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "549FDAD0-C44C-420E-8482-E4C1CF1AC806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "24595CDE-84CD-4E7F-B583-3A95CD739EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "77FC9AB9-1C09-41E3-BCDD-420F0EFDFB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "57D9EF6E-464B-49AE-B3B9-E6A18C97D44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2148B414-A59B-4C4E-8274-308D77E67BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8E1B50-FD96-4DF1-9DD3-A80E3BC8A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4FFF7B-FB25-4CAD-A836-E003F1D8FFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "30C5C5FF-FD58-4068-AD29-4E0B6B9453C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6B179FE0-A32B-4BB5-8B94-837B31097AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF65925-90E3-4D80-A768-9F1A232FF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41125E-5173-4942-AD13-A1E89F966C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6E33FB77-5E09-424B-89CD-B58F1C3E443E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "63529640-E326-4BAE-81B8-A1DDB7212944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "59F87B81-6EC5-40C2-9506-519F91DAF7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "FC988F76-C53C-4AE8-AFF2-1ADFA55E4D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "62C771DD-9569-4688-BA5F-D292D81E2FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "29F35F4F-86BB-42E6-B5DA-610266232C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "63CD4E64-D224-4BD6-B6B8-7FEABCC6A345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C9388F6C-59C2-49DE-8FF7-68AA6033AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE35CE5-81F1-450E-8F14-D0967C9B01BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A9771D47-3F6E-441A-BB32-C1F0D022B10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0A054DB2-3CE6-4E05-8D1B-000ABF6635A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C1C1B0-E520-44EA-8CE6-BD111EF7F885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B7408F05-425B-4824-86EE-B54B51457573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F10EC538-4671-4583-A70D-BD2A0B653546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "29F97CA8-BF93-4A54-A96F-3AD097CB74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "33EE31E7-A845-479F-A765-237824CB79C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1FB206-A3E3-443C-B82E-9DDE33BD533D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "83CFEE4A-A07F-4B13-8D94-FEDC709F51D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "3159BD60-433B-4409-B4B6-BDEC8542B218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "4D10B33C-077A-4055-B47B-13115A05F0DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF5B05C-7C56-4FB1-821D-5A919E56C823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de enteros en (1) OPVPOutputDev.cxx y (2) oprs/OPVPSplash.cxx en el filtro pdftoopvp en CUPS y cups-filters anterior a 1.0.47 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archive de PDF manipulado, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica."
}
],
"id": "CVE-2013-6475",
"lastModified": "2024-11-21T01:59:18.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T15:55:05.540",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/66166"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027550"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2024-11-21 01:59
Severity ?
Summary
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 13.10 | |
| linuxfoundation | cups-filters | 1.0.25 | |
| linuxfoundation | cups-filters | 1.0.26 | |
| linuxfoundation | cups-filters | 1.0.27 | |
| linuxfoundation | cups-filters | 1.0.28 | |
| linuxfoundation | cups-filters | 1.0.29 | |
| linuxfoundation | cups-filters | 1.0.30 | |
| linuxfoundation | cups-filters | 1.0.31 | |
| linuxfoundation | cups-filters | 1.0.32 | |
| linuxfoundation | cups-filters | 1.0.33 | |
| linuxfoundation | cups-filters | 1.0.34 | |
| linuxfoundation | cups-filters | 1.0.35 | |
| linuxfoundation | cups-filters | 1.0.36 | |
| linuxfoundation | cups-filters | 1.0.37 | |
| linuxfoundation | cups-filters | 1.0.38 | |
| linuxfoundation | cups-filters | 1.0.39 | |
| linuxfoundation | cups-filters | 1.0.40 | |
| linuxfoundation | cups-filters | 1.0.41 | |
| linuxfoundation | cups-filters | 1.0.42 | |
| linuxfoundation | cups-filters | 1.0.43 | |
| linuxfoundation | cups-filters | 1.0.44 | |
| linuxfoundation | cups-filters | 1.0.45 | |
| linuxfoundation | cups-filters | 1.0.46 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "62C771DD-9569-4688-BA5F-D292D81E2FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "29F35F4F-86BB-42E6-B5DA-610266232C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "63CD4E64-D224-4BD6-B6B8-7FEABCC6A345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C9388F6C-59C2-49DE-8FF7-68AA6033AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE35CE5-81F1-450E-8F14-D0967C9B01BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A9771D47-3F6E-441A-BB32-C1F0D022B10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0A054DB2-3CE6-4E05-8D1B-000ABF6635A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C1C1B0-E520-44EA-8CE6-BD111EF7F885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B7408F05-425B-4824-86EE-B54B51457573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F10EC538-4671-4583-A70D-BD2A0B653546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "29F97CA8-BF93-4A54-A96F-3AD097CB74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "33EE31E7-A845-479F-A765-237824CB79C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1FB206-A3E3-443C-B82E-9DDE33BD533D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "83CFEE4A-A07F-4B13-8D94-FEDC709F51D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "3159BD60-433B-4409-B4B6-BDEC8542B218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "4D10B33C-077A-4055-B47B-13115A05F0DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF5B05C-7C56-4FB1-821D-5A919E56C823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer basado en memoria din\u00e1mica en el filtro urftopdf en cups-filters 1.0.25 anterior a 1.0.47 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una (1) p\u00e1gina grande o (2) l\u00ednea grande en un archivo URF."
}
],
"id": "CVE-2013-6473",
"lastModified": "2024-11-21T01:59:17.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T15:55:05.480",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/66601"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027547"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-22 21:55
Modified
2024-11-21 02:09
Severity ?
Summary
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABCFE4C-E846-4C01-9518-3FB194E99074",
"versionEndIncluding": "1.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
},
{
"lang": "es",
"value": "La funci\u00f3n process_browse_data en utils/cups-browsed.c en cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de datos de paquetes manipulados."
}
],
"id": "CVE-2014-4337",
"lastModified": "2024-11-21T02:09:59.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-22T21:55:03.520",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68122"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2024-11-21 01:59
Severity ?
Summary
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20294CE7-12C8-43CA-A702-5ED2A3044FFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96BE9065-DBB6-476F-94E4-9E1ABFE12B6C",
"versionEndIncluding": "1.0.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2537957-4C48-4EAE-8ABE-7007609D470E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB423F2E-D982-4E4E-8BC4-A9422EED0E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79EE8950-8167-40C5-B590-D7E7D8CE8684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "845FC6CC-0419-4E2C-89E9-2E3B4E862DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D38380-F381-4C30-9997-5B0AF4E90084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C007E84B-0215-41DA-90C6-A7AD13CEC2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "31A82F3D-2F83-4C01-AF26-4F3D92B56F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D08737A6-1CCA-435C-9A73-1ECD28F4B38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2C7719-DC78-4D79-B98F-6E9012059D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FBBAD866-D5D9-4CB9-8ED0-DF308A5F6686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "549FDAD0-C44C-420E-8482-E4C1CF1AC806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "24595CDE-84CD-4E7F-B583-3A95CD739EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "77FC9AB9-1C09-41E3-BCDD-420F0EFDFB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "57D9EF6E-464B-49AE-B3B9-E6A18C97D44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2148B414-A59B-4C4E-8274-308D77E67BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8E1B50-FD96-4DF1-9DD3-A80E3BC8A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4FFF7B-FB25-4CAD-A836-E003F1D8FFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "30C5C5FF-FD58-4068-AD29-4E0B6B9453C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6B179FE0-A32B-4BB5-8B94-837B31097AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF65925-90E3-4D80-A768-9F1A232FF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41125E-5173-4942-AD13-A1E89F966C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6E33FB77-5E09-424B-89CD-B58F1C3E443E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "63529640-E326-4BAE-81B8-A1DDB7212944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "59F87B81-6EC5-40C2-9506-519F91DAF7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "FC988F76-C53C-4AE8-AFF2-1ADFA55E4D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "62C771DD-9569-4688-BA5F-D292D81E2FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "29F35F4F-86BB-42E6-B5DA-610266232C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "63CD4E64-D224-4BD6-B6B8-7FEABCC6A345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C9388F6C-59C2-49DE-8FF7-68AA6033AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE35CE5-81F1-450E-8F14-D0967C9B01BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A9771D47-3F6E-441A-BB32-C1F0D022B10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0A054DB2-3CE6-4E05-8D1B-000ABF6635A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C1C1B0-E520-44EA-8CE6-BD111EF7F885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B7408F05-425B-4824-86EE-B54B51457573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F10EC538-4671-4583-A70D-BD2A0B653546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "29F97CA8-BF93-4A54-A96F-3AD097CB74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "33EE31E7-A845-479F-A765-237824CB79C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1FB206-A3E3-443C-B82E-9DDE33BD533D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "83CFEE4A-A07F-4B13-8D94-FEDC709F51D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "3159BD60-433B-4409-B4B6-BDEC8542B218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "4D10B33C-077A-4055-B47B-13115A05F0DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF5B05C-7C56-4FB1-821D-5A919E56C823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file."
},
{
"lang": "es",
"value": "La funci\u00f3n OPVPWrapper::loadDriver en oprs/OPVPWrapper.cxx en el filtro pdftoopvp en CUPS y cups-filters anterior a 1.0.47 permite a usuarios locales ganar privilegios a trav\u00e9s de un controlador caballo de troya en el mismo directorio que el archivo de PDF."
}
],
"id": "CVE-2013-6476",
"lastModified": "2024-11-21T01:59:18.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T15:55:05.557",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-24 17:59
Modified
2024-11-21 02:27
Severity ?
Summary
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F50391-99E7-452E-8BE3-414699D543A8",
"versionEndIncluding": "1.0.65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
},
{
"lang": "es",
"value": "La funci\u00f3n remove_bad_chars en utils/cups-browsed.c en cups-filters anterior a 1.0.66 permite a impresoras IPP remotas ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell consecutivos en el (1) modelo o (2) PDL. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-2707."
}
],
"id": "CVE-2015-2265",
"lastModified": "2024-11-21T02:27:06.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-24T17:59:09.727",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-22 21:55
Modified
2024-11-21 02:09
Severity ?
Summary
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABCFE4C-E846-4C01-9518-3FB194E99074",
"versionEndIncluding": "1.0.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
},
{
"lang": "es",
"value": "cups-browsed en cups-filters anterior a 1.0.53 permite a atacantes remotos evadir restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un directivo cups-browsed.conf BrowseAllow malformado que se interpreta como si cediera acceso de navegaci\u00f3n a todas las direcciones IP."
}
],
"id": "CVE-2014-4338",
"lastModified": "2024-11-21T02:09:59.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-22T21:55:03.690",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/62044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-17 18:15
Modified
2024-11-21 07:48
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cups-filters | * | |
| linuxfoundation | cups-filters | 2.0 | |
| linuxfoundation | cups-filters | 2.0 | |
| linuxfoundation | cups-filters | 2.0 | |
| linuxfoundation | cups-filters | 2.0 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3F579A-B8F0-4F15-A8DA-7D58BF94740A",
"versionEndExcluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "216CAAD0-DBE1-4732-9E7D-1E2F681DC3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "528C776A-D684-4A2B-BD40-4798321169E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "04694E1A-63CE-41E8-A8CA-31368D058EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DADB252D-65B1-4591-B3F3-DBCEFD49CC52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) \u003e\u003e 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime."
}
],
"id": "CVE-2023-24805",
"lastModified": "2024-11-21T07:48:25.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-17T18:15:09.177",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.gentoo.org/glsa/202401-06"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5407"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-17 19:59
Modified
2024-11-21 02:38
Severity ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
"matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0822E-225D-4534-A6F7-D8E442432CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D31E4828-5DF6-47E7-86AE-CD03259D1E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3DD5E3-C304-4519-BE45-F20276E0DB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D5FB154-6600-4CE1-9811-5BC672D68991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01CE79DA-B5C3-4923-B941-95C4717C8BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "307F7310-F34B-4CEC-B81B-33899006E882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7CC46F-8875-4630-9B1A-278E94A2CD47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB351C4-66F2-4DAE-A34D-E5B2237F1887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9182A35A-C31C-4C8D-917A-C2B2231364AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "63EBEA36-790A-454D-B29F-996D0C0204FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "22E3EC4A-48AE-4039-974D-4D5BE0598A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB8C32D-C84B-4D0D-A145-562904B94C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "66D52942-C9DA-46CF-B066-B2D569EAD5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F54BE2F2-226D-4EAE-BBE3-8B042E2B3914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFE1F4C-3476-4C43-99E7-41846BAE6544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "910858E2-1083-4F9F-827D-E0F8EBA6C1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CB713EAA-C0CB-464B-B9B4-40D9718B9106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6C285215-4125-44E4-A1EC-A2BA92F88251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA7078-EB66-4950-A42E-AFA1C4884BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "F820B469-1F21-4E38-9632-3D909B115D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AA59E3-7FCE-408F-9A24-1E4D451BB15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "3975A1BA-90A6-4E16-BA17-CFA62EDB017B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "42C8E1B5-9C65-4067-8FC6-63E286C7C5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1F6317-6CC3-4B1B-8A2C-F131F20395FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "90A028CB-53C4-4FA0-AB46-7FA6A5621D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5BDDFE-93CE-462E-B059-78AE7635491E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "12FAE5EA-91B4-4E3C-863D-BAFA832BD7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2135A-6BB7-4C44-94A9-61C3DAE3BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "C011CFB5-66CF-4E9F-987B-497AF7F7D89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "51BECA9A-9A4F-483D-B0F8-7EDF39653220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "144ADD44-7A0D-41CD-B9DD-8B0D55B30AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "3629070E-A703-42DC-92B5-192D1C4E965A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "BBADA027-AC75-48C1-A374-52D22C916DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "A860B37D-62CB-4421-8A7E-32E944D8BDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "816C584C-B1BE-4EF6-B524-4438006BD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3062CE-C2DC-4920-9C35-B793E0EE367C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*",
"matchCriteriaId": "60466538-FEDC-4B88-B6DC-344770D5BEEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "30C5B79D-E24E-4D10-BA02-9CFD87C77B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "D32FAFD1-9E31-4D59-8B40-D6522566B85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0359678E-7979-47F8-9583-A988211EEC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A512A128-3906-4838-A932-29BA2C327957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "23D7612C-445C-45B1-8320-1086972CA0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "09E4C01C-B275-4092-AF25-803B219C4617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4D6B65-32AB-4845-9C26-F47E5824D4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3913DB-A23C-42EB-B04C-464270C3C1F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.2.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de caracteres ` (acento grave) en un trabajo de impresi\u00f3n."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/184.html\"\u003eCWE-184: Incomplete Blacklist\u003c/a\u003e",
"id": "CVE-2015-8327",
"lastModified": "2024-11-21T02:38:18.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-12-17T19:59:05.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "cve@mitre.org",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3411"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/78524"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/78524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 16:59
Modified
2024-11-21 02:29
Severity ?
Summary
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| canonical | ubuntu_linux | 15.04 | |
| debian | debian_linux | 7.1 | |
| debian | debian_linux | 8.0 | |
| linuxfoundation | cups-filters | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AED437C-DE56-4D45-82B6-F1420AB669D8",
"versionEndIncluding": "1.0.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job."
},
{
"lang": "es",
"value": "Desbordamiento del buffer basado en memoria din\u00e1mica en la funci\u00f3n WriteProlog en filter/texttopdf.c en texttopdf en cups-filters antes del 1.0.70, que permite a atacantes remotos provocar una denegaci\u00f3n de servcio (colapso) o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de una l\u00ednea larga que contiene caracteres anchos en una tarea de impresi\u00f3n."
}
],
"id": "CVE-2015-3258",
"lastModified": "2024-11-21T02:29:01.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-14T16:59:02.203",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/75436"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201510-08"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 15:55
Modified
2024-11-21 01:59
Severity ?
Summary
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96BE9065-DBB6-476F-94E4-9E1ABFE12B6C",
"versionEndIncluding": "1.0.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2537957-4C48-4EAE-8ABE-7007609D470E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB423F2E-D982-4E4E-8BC4-A9422EED0E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79EE8950-8167-40C5-B590-D7E7D8CE8684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "845FC6CC-0419-4E2C-89E9-2E3B4E862DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D38380-F381-4C30-9997-5B0AF4E90084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C007E84B-0215-41DA-90C6-A7AD13CEC2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "31A82F3D-2F83-4C01-AF26-4F3D92B56F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D08737A6-1CCA-435C-9A73-1ECD28F4B38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2C7719-DC78-4D79-B98F-6E9012059D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FBBAD866-D5D9-4CB9-8ED0-DF308A5F6686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "549FDAD0-C44C-420E-8482-E4C1CF1AC806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "24595CDE-84CD-4E7F-B583-3A95CD739EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "77FC9AB9-1C09-41E3-BCDD-420F0EFDFB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "57D9EF6E-464B-49AE-B3B9-E6A18C97D44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2148B414-A59B-4C4E-8274-308D77E67BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8E1B50-FD96-4DF1-9DD3-A80E3BC8A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4FFF7B-FB25-4CAD-A836-E003F1D8FFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "30C5C5FF-FD58-4068-AD29-4E0B6B9453C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6B179FE0-A32B-4BB5-8B94-837B31097AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF65925-90E3-4D80-A768-9F1A232FF6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41125E-5173-4942-AD13-A1E89F966C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6E33FB77-5E09-424B-89CD-B58F1C3E443E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "63529640-E326-4BAE-81B8-A1DDB7212944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "59F87B81-6EC5-40C2-9506-519F91DAF7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "FC988F76-C53C-4AE8-AFF2-1ADFA55E4D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "62C771DD-9569-4688-BA5F-D292D81E2FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "29F35F4F-86BB-42E6-B5DA-610266232C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "63CD4E64-D224-4BD6-B6B8-7FEABCC6A345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C9388F6C-59C2-49DE-8FF7-68AA6033AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE35CE5-81F1-450E-8F14-D0967C9B01BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A9771D47-3F6E-441A-BB32-C1F0D022B10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "0A054DB2-3CE6-4E05-8D1B-000ABF6635A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C1C1B0-E520-44EA-8CE6-BD111EF7F885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "B7408F05-425B-4824-86EE-B54B51457573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F10EC538-4671-4583-A70D-BD2A0B653546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "29F97CA8-BF93-4A54-A96F-3AD097CB74A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "33EE31E7-A845-479F-A765-237824CB79C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "2A1FB206-A3E3-443C-B82E-9DDE33BD533D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "83CFEE4A-A07F-4B13-8D94-FEDC709F51D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "3159BD60-433B-4409-B4B6-BDEC8542B218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "4D10B33C-077A-4055-B47B-13115A05F0DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF5B05C-7C56-4FB1-821D-5A919E56C823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20294CE7-12C8-43CA-A702-5ED2A3044FFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el filtro pdftoopvp en CUPS y cups-filters anterior a 1.0.47 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo PDF manipulado."
}
],
"id": "CVE-2013-6474",
"lastModified": "2024-11-21T01:59:17.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T15:55:05.510",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/66163"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-14 14:59
Modified
2024-11-21 02:38
Severity ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA7078-EB66-4950-A42E-AFA1C4884BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "F820B469-1F21-4E38-9632-3D909B115D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AA59E3-7FCE-408F-9A24-1E4D451BB15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "3975A1BA-90A6-4E16-BA17-CFA62EDB017B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "42C8E1B5-9C65-4067-8FC6-63E286C7C5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1F6317-6CC3-4B1B-8A2C-F131F20395FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "90A028CB-53C4-4FA0-AB46-7FA6A5621D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5BDDFE-93CE-462E-B059-78AE7635491E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "12FAE5EA-91B4-4E3C-863D-BAFA832BD7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA2135A-6BB7-4C44-94A9-61C3DAE3BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "C011CFB5-66CF-4E9F-987B-497AF7F7D89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "51BECA9A-9A4F-483D-B0F8-7EDF39653220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "144ADD44-7A0D-41CD-B9DD-8B0D55B30AE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "3629070E-A703-42DC-92B5-192D1C4E965A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "BBADA027-AC75-48C1-A374-52D22C916DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "A860B37D-62CB-4421-8A7E-32E944D8BDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "816C584C-B1BE-4EF6-B524-4438006BD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3062CE-C2DC-4920-9C35-B793E0EE367C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*",
"matchCriteriaId": "60466538-FEDC-4B88-B6DC-344770D5BEEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "30C5B79D-E24E-4D10-BA02-9CFD87C77B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "D32FAFD1-9E31-4D59-8B40-D6522566B85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0359678E-7979-47F8-9583-A988211EEC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A512A128-3906-4838-A932-29BA2C327957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "23D7612C-445C-45B1-8320-1086972CA0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "09E4C01C-B275-4092-AF25-803B219C4617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4D6B65-32AB-4845-9C26-F47E5824D4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3913DB-A23C-42EB-B04C-464270C3C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D6C5B9-C91B-4D2E-AFF0-77C2A552F277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA32A4E7-3083-48C3-9131-534996094883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD0822E-225D-4534-A6F7-D8E442432CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D31E4828-5DF6-47E7-86AE-CD03259D1E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3DD5E3-C304-4519-BE45-F20276E0DB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D5FB154-6600-4CE1-9811-5BC672D68991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01CE79DA-B5C3-4923-B941-95C4717C8BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "307F7310-F34B-4CEC-B81B-33899006E882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7CC46F-8875-4630-9B1A-278E94A2CD47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB351C4-66F2-4DAE-A34D-E5B2237F1887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9182A35A-C31C-4C8D-917A-C2B2231364AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "63EBEA36-790A-454D-B29F-996D0C0204FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "22E3EC4A-48AE-4039-974D-4D5BE0598A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB8C32D-C84B-4D0D-A145-562904B94C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "66D52942-C9DA-46CF-B066-B2D569EAD5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F54BE2F2-226D-4EAE-BBE3-8B042E2B3914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFE1F4C-3476-4C43-99E7-41846BAE6544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "910858E2-1083-4F9F-827D-E0F8EBA6C1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CB713EAA-C0CB-464B-B9B4-40D9718B9106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6C285215-4125-44E4-A1EC-A2BA92F88251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.4.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un car\u00e1cter ; (punto y coma) en un trabajo de impresi\u00f3n, una vulnerabilidad diferente a CVE-2015-8327."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/184.html\"\u003eCWE-184: Incomplete Blacklist\u003c/a\u003e",
"id": "CVE-2015-8560",
"lastModified": "2024-11-21T02:38:44.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-14T14:59:06.207",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "security@debian.org",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"source": "security@debian.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"source": "security@debian.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2838-2"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-6474
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2144-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2014/dsa-2876 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1027548 | x_refsource_CONFIRM | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176 | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2143-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2014/dsa-2875 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/66163 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2144-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"name": "DSA-2876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "DSA-2875",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"name": "66163",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2144-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"name": "DSA-2876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "DSA-2875",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"name": "66163",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66163"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6474",
"datePublished": "2014-03-14T15:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2707
Vulnerability from cvelistv5
Published
2014-04-17 14:00
Modified
2024-08-06 10:21
Severity ?
EPSS score ?
Summary
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/57530 | third-party-advisory, x_refsource_SECUNIA | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html | vendor-advisory, x_refsource_FEDORA | |
| http://seclists.org/oss-sec/2014/q2/13 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2210-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1083326 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:35.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-20T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to \"System V interface scripts generated for queues.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57530"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS"
},
{
"name": "FEDORA-2014-4708",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html"
},
{
"name": "[oss-security] 20140402 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/13"
},
{
"name": "USN-2210-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2210-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2707",
"datePublished": "2014-04-17T14:00:00",
"dateReserved": "2014-04-01T00:00:00",
"dateUpdated": "2024-08-06T10:21:35.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6475
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2144-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2014/dsa-2876 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1027550 | x_refsource_CONFIRM | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/66166 | vdb-entry, x_refsource_BID | |
| http://www.ubuntu.com/usn/USN-2143-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2014/dsa-2875 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2144-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"name": "DSA-2876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"name": "66166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66166"
},
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "DSA-2875",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2144-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"name": "DSA-2876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"name": "66166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66166"
},
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "DSA-2875",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2875"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6475",
"datePublished": "2014-03-14T15:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3258
Vulnerability from cvelistv5
Published
2015-07-14 16:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ubuntu.com/usn/usn-2659-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201510-08 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/75436 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/06/26/4 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html | vendor-advisory, x_refsource_SUSE | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1235385 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3303 | vendor-advisory, x_refsource_DEBIAN | |
| http://rhn.redhat.com/errata/RHSA-2015-2360.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "75436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "75436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "[oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/26/4"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235385"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3258",
"datePublished": "2015-07-14T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6473
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2143-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/66601 | vdb-entry, x_refsource_BID | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1027547 | x_refsource_CONFIRM | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "66601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027547"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "66601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027547"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6473",
"datePublished": "2014-03-14T15:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8327
Vulnerability from cvelistv5
Published
2015-12-17 19:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2831-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2831-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2831-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2831-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "78524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78524"
},
{
"name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
},
{
"name": "USN-2831-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2831-2"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
},
{
"name": "RHSA-2016:0491",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
},
{
"name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
},
{
"name": "openSUSE-SU-2016:0179",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
},
{
"name": "DSA-3411",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8327",
"datePublished": "2015-12-17T19:00:00",
"dateReserved": "2015-11-24T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4337
Vulnerability from cvelistv5
Published
2014-06-22 21:00
Modified
2024-08-06 11:12
Severity ?
EPSS score ?
Summary
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-1795.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/62044 | third-party-advisory, x_refsource_SECUNIA | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/68122 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2014/06/19/12 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "68122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68122"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4337",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24805
Vulnerability from cvelistv5
Published
2023-05-17 17:33
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | OpenPrinting | cups-filters |
Version: <= 2.0rc1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"name": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cups-filters",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0rc1 "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) \u003e\u003e 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T17:33:41.714Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x"
},
{
"name": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5407"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"url": "https://security.gentoo.org/glsa/202401-06"
}
],
"source": {
"advisory": "GHSA-gpxc-v2m8-fr3x",
"discovery": "UNKNOWN"
},
"title": "Command injection in cups-filters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-24805",
"datePublished": "2023-05-17T17:33:41.714Z",
"dateReserved": "2023-01-30T14:43:33.703Z",
"dateUpdated": "2024-08-02T11:03:19.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2265
Vulnerability from cvelistv5
Published
2015-03-24 17:00
Modified
2024-08-06 05:10
Severity ?
EPSS score ?
Summary
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:196 | vendor-advisory, x_refsource_MANDRIVA | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333 | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2532-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://advisories.mageia.org/MGASA-2015-0132.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1265"
},
{
"name": "MDVSA-2015:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:196"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333"
},
{
"name": "USN-2532-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2532-1"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0132.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0132.html"
},
{
"name": "openSUSE-SU-2015:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2265",
"datePublished": "2015-03-24T17:00:00",
"dateReserved": "2015-03-09T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4336
Vulnerability from cvelistv5
Published
2014-06-22 21:00
Modified
2024-08-06 11:12
Severity ?
EPSS score ?
Summary
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2014/04/25/7 | mailing-list, x_refsource_MLIST | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2014/06/19/12 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:35.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-22T20:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4336",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:35.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8560
Vulnerability from cvelistv5
Published
2016-04-14 14:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3419 | vendor-advisory, x_refsource_DEBIAN | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/12/14/13 | mailing-list, x_refsource_MLIST | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2838-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3429 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.ubuntu.com/usn/USN-2838-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2015/12/13/2 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2016-0491.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3419",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3419",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-8560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3419",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3419"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
},
{
"name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2838-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2838-1"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
},
{
"name": "DSA-3429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3429"
},
{
"name": "USN-2838-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2838-2"
},
{
"name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
},
{
"name": "RHSA-2016:0491",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-8560",
"datePublished": "2016-04-14T14:00:00",
"dateReserved": "2015-12-14T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6476
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2144-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1027551 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2876 | vendor-advisory, x_refsource_DEBIAN | |
| http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176 | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2143-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2014/dsa-2875 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2144-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551"
},
{
"name": "DSA-2876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "DSA-2875",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-14T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2144-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2144-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551"
},
{
"name": "DSA-2876",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"name": "USN-2143-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "DSA-2875",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2875"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6476",
"datePublished": "2014-03-14T15:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3279
Vulnerability from cvelistv5
Published
2015-07-14 16:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2659-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2659-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2659-1"
},
{
"name": "GLSA-201510-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-08"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238990"
},
{
"name": "[oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/03/2"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS"
},
{
"name": "openSUSE-SU-2015:1244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00033.html"
},
{
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369"
},
{
"name": "DSA-3303",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3303"
},
{
"name": "75557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75557"
},
{
"name": "RHSA-2015:2360",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2360.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3279",
"datePublished": "2015-07-14T16:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4338
Vulnerability from cvelistv5
Published
2014-06-22 21:00
Modified
2024-08-06 11:12
Severity ?
EPSS score ?
Summary
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-1795.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/68124 | vdb-entry, x_refsource_BID | |
| https://bugs.linuxfoundation.org/show_bug.cgi?id=1204 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/62044 | third-party-advisory, x_refsource_SECUNIA | |
| http://openwall.com/lists/oss-security/2014/04/25/7 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2014/06/19/12 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:12:34.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1795",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1795.html"
},
{
"name": "68124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68124"
},
{
"name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204",
"refsource": "CONFIRM",
"url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=1204"
},
{
"name": "62044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62044"
},
{
"name": "[oss-security] 20140425 Re: Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/04/25/7"
},
{
"name": "[oss-security] 20140619 Re: cups-browsed remote exploit",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/19/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-4338",
"datePublished": "2014-06-22T21:00:00",
"dateReserved": "2014-06-19T00:00:00",
"dateUpdated": "2024-08-06T11:12:34.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}