All the vulnerabilites related to linuxfoundation - foomatic-filters
cve-2015-8327
Vulnerability from cvelistv5
Published
2015-12-17 19:00
Modified
2024-08-06 08:13
Severity ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
References
http://www.ubuntu.com/usn/USN-2831-1vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/78524vdb-entry, x_refsource_BID
https://lists.debian.org/debian-printing/2015/11/msg00020.htmlmailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/USN-2831-2vendor-advisory, x_refsource_UBUNTU
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWSx_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3429vendor-advisory, x_refsource_DEBIAN
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886x_refsource_CONFIRM
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0491.htmlvendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-printing/2015/12/msg00001.htmlmailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.htmlvendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2015/dsa-3411vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:32.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2831-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2831-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "78524",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78524"
          },
          {
            "name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
          },
          {
            "name": "USN-2831-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2831-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
          },
          {
            "name": "DSA-3429",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
          },
          {
            "name": "RHSA-2016:0491",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
          },
          {
            "name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2016:0179",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
          },
          {
            "name": "DSA-3411",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-2831-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2831-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "78524",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/78524"
        },
        {
          "name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
        },
        {
          "name": "USN-2831-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2831-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
        },
        {
          "name": "DSA-3429",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
        },
        {
          "name": "RHSA-2016:0491",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
        },
        {
          "name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
        },
        {
          "name": "openSUSE-SU-2016:0179",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
        },
        {
          "name": "DSA-3411",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3411"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2831-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2831-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "78524",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/78524"
            },
            {
              "name": "[debian-printing] 20151126 cups-filters 1.2.0 released!",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
            },
            {
              "name": "USN-2831-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2831-2"
            },
            {
              "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
              "refsource": "CONFIRM",
              "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
            },
            {
              "name": "DSA-3429",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3429"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
            },
            {
              "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406",
              "refsource": "CONFIRM",
              "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
            },
            {
              "name": "RHSA-2016:0491",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
            },
            {
              "name": "[debian-printing] 20151201 Re: cups-filters 1.2.0 released!",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2016:0179",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
            },
            {
              "name": "DSA-3411",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3411"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8327",
    "datePublished": "2015-12-17T19:00:00",
    "dateReserved": "2015-11-24T00:00:00",
    "dateUpdated": "2024-08-06T08:13:32.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2923
Vulnerability from cvelistv5
Published
2019-11-19 20:38
Modified
2024-08-06 23:15
Severity ?
Summary
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
References
https://security-tracker.debian.org/tracker/CVE-2011-2923x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2923x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-2923x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-2923x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:31.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-2923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-2923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2011-2923"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "foomatic-filters",
          "vendor": "foomatic-filters",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "UNKNOWN_TYPE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-19T20:38:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-2923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-2923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2011-2923"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2923",
    "datePublished": "2019-11-19T20:38:08",
    "dateReserved": "2011-07-27T00:00:00",
    "dateUpdated": "2024-08-06T23:15:31.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8560
Vulnerability from cvelistv5
Published
2016-04-14 14:00
Modified
2024-08-06 08:20
Severity ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
References
http://www.debian.org/security/2015/dsa-3419vendor-advisory, x_refsource_DEBIAN
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/12/14/13mailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2838-1vendor-advisory, x_refsource_UBUNTU
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWSx_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3429vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2838-2vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2015/12/13/2mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2016-0491.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3419",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3419"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
          },
          {
            "name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "USN-2838-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2838-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
          },
          {
            "name": "DSA-3429",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3429"
          },
          {
            "name": "USN-2838-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2838-2"
          },
          {
            "name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
          },
          {
            "name": "RHSA-2016:0491",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-3419",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3419"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
        },
        {
          "name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "USN-2838-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2838-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
        },
        {
          "name": "DSA-3429",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3429"
        },
        {
          "name": "USN-2838-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2838-2"
        },
        {
          "name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
        },
        {
          "name": "RHSA-2016:0491",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-8560",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3419",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3419"
            },
            {
              "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419",
              "refsource": "CONFIRM",
              "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
            },
            {
              "name": "[oss-security] 20151214 Re: CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "USN-2838-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2838-1"
            },
            {
              "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS",
              "refsource": "CONFIRM",
              "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
            },
            {
              "name": "DSA-3429",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3429"
            },
            {
              "name": "USN-2838-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2838-2"
            },
            {
              "name": "[oss-security] 20151213 CVE Request: Cups Filters/Foomatic Filters: Does not consider semicolon as an illegal shell escape character",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
            },
            {
              "name": "RHSA-2016:0491",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-8560",
    "datePublished": "2016-04-14T14:00:00",
    "dateReserved": "2015-12-14T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2924
Vulnerability from cvelistv5
Published
2019-11-19 21:20
Modified
2024-08-06 23:15
Severity ?
Summary
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
References
https://security-tracker.debian.org/tracker/CVE-2011-2924x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-2924x_refsource_MISC
https://www.openwall.com/lists/oss-security/2014/02/08/5/1x_refsource_MISC
https://lwn.net/Articles/459979/x_refsource_MISC
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:31.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-2924"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2011-2924"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2014/02/08/5/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lwn.net/Articles/459979/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "foomatic-filters",
          "vendor": "foomatic-filters",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.12 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-19T21:20:16",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-2924"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2011-2924"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2014/02/08/5/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lwn.net/Articles/459979/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2924",
    "datePublished": "2019-11-19T21:20:16",
    "dateReserved": "2011-07-27T00:00:00",
    "dateUpdated": "2024-08-06T23:15:31.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-5325
Vulnerability from cvelistv5
Published
2016-04-15 14:00
Modified
2024-08-07 04:17
Severity ?
Summary
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1218297x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLogx_refsource_CONFIRM
https://bugs.linuxfoundation.org/show_bug.cgi?id=515x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0491.htmlvendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2016/02/15/1mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/02/15/7mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515"
          },
          {
            "name": "RHSA-2016:0491",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
          },
          {
            "name": "[oss-security] 20160215 CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/02/15/1"
          },
          {
            "name": "[oss-security] 20160215 Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/02/15/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-09-30T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515"
        },
        {
          "name": "RHSA-2016:0491",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
        },
        {
          "name": "[oss-security] 20160215 CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/02/15/1"
        },
        {
          "name": "[oss-security] 20160215 Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/02/15/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-5325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog"
            },
            {
              "name": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515",
              "refsource": "CONFIRM",
              "url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515"
            },
            {
              "name": "RHSA-2016:0491",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
            },
            {
              "name": "[oss-security] 20160215 CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/02/15/1"
            },
            {
              "name": "[oss-security] 20160215 Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/02/15/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-5325",
    "datePublished": "2016-04-15T14:00:00",
    "dateReserved": "2016-02-15T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2019-11-19 22:15
Modified
2024-11-21 01:29
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
References
secalert@redhat.comhttps://access.redhat.com/security/cve/cve-2011-2924Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1Release Notes, Third Party Advisory
secalert@redhat.comhttps://lwn.net/Articles/459979/Third Party Advisory
secalert@redhat.comhttps://security-tracker.debian.org/tracker/CVE-2011-2924Third Party Advisory
secalert@redhat.comhttps://www.openwall.com/lists/oss-security/2014/02/08/5/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/cve-2011-2924Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lwn.net/Articles/459979/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security-tracker.debian.org/tracker/CVE-2011-2924Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2014/02/08/5/1Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
linuxfoundation foomatic-filters *
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 14
fedoraproject fedora 15


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7261A9-5354-420E-9607-6DE1FF0C0914",
              "versionEndIncluding": "4.0.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter."
    },
    {
      "lang": "es",
      "value": "foomatic-rip filter versi\u00f3n v4.0.12 y anteriores, utiliz\u00f3 archivos temporales creados de manera no segura para el almacenamiento de datos PostScript mediante el renderizado de los datos cuando el modo de depuraci\u00f3n fue habilitado. Un atacante local puede explotar este fallo para conducir ataques de enlace simb\u00f3lico al sobrescribir archivos arbitrarios accesibles con los privilegios del usuario que ejecuta el filtro de impresi\u00f3n universal de foomatic-rip."
    }
  ],
  "id": "CVE-2011-2924",
  "lastModified": "2024-11-21T01:29:17.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-19T22:15:10.943",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-2924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lwn.net/Articles/459979/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-2924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2014/02/08/5/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-2924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lwn.net/Articles/459979/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-2924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2014/02/08/5/1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-15 14:59
Modified
2024-11-21 01:23
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.
References
cve@mitre.orghttp://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLogPatch, Vendor Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-0491.htmlThird Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2016/02/15/1Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2016/02/15/7Third Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
cve@mitre.orghttps://bugs.linuxfoundation.org/show_bug.cgi?id=515
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1218297Issue Tracking
af854a3a-2127-422b-91ae-364da2661108http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLogPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0491.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/02/15/1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/02/15/7Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.linuxfoundation.org/show_bug.cgi?id=515
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1218297Issue Tracking
Impacted products
Vendor Product Version
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 6.7.z
redhat enterprise_linux_workstation 6.0
linuxfoundation foomatic-filters *
oracle linux 6
redhat enterprise_linux 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "447572C1-7B88-49BB-BDF5-FAB3DB6852C3",
              "versionEndIncluding": "4.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n unhtmlify en foomatic-rip en foomatic-filters en versiones anteriores a 4.0.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un t\u00edtulo de trabajo largo."
    }
  ],
  "id": "CVE-2010-5325",
  "lastModified": "2024-11-21T01:23:02.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-15T14:59:00.113",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/02/15/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/02/15/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/02/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/02/15/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.linuxfoundation.org/show_bug.cgi?id=515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218297"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-12-17 19:59
Modified
2024-11-21 02:38
Severity ?
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
References
cve@mitre.orghttp://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWSVendor Advisory
cve@mitre.orghttp://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-0491.html
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3411
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3429
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
cve@mitre.orghttp://www.securityfocus.com/bid/78524
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2831-1
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2831-2
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886
cve@mitre.orghttps://lists.debian.org/debian-printing/2015/11/msg00020.html
cve@mitre.orghttps://lists.debian.org/debian-printing/2015/12/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWSVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0491.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3411
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3429
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/78524
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2831-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2831-2
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-printing/2015/11/msg00020.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-printing/2015/12/msg00001.html
Impacted products
Vendor Product Version
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 6.7.z
redhat enterprise_linux_workstation 6.0
linuxfoundation foomatic-filters 4.0.0
linuxfoundation foomatic-filters 4.0.1
linuxfoundation foomatic-filters 4.0.2
linuxfoundation foomatic-filters 4.0.3
linuxfoundation foomatic-filters 4.0.4
linuxfoundation foomatic-filters 4.0.5
linuxfoundation foomatic-filters 4.0.6
linuxfoundation foomatic-filters 4.0.7
linuxfoundation foomatic-filters 4.0.8
linuxfoundation foomatic-filters 4.0.9
linuxfoundation foomatic-filters 4.0.10
linuxfoundation foomatic-filters 4.0.11
linuxfoundation foomatic-filters 4.0.12
linuxfoundation foomatic-filters 4.0.13
linuxfoundation foomatic-filters 4.0.14
linuxfoundation foomatic-filters 4.0.15
linuxfoundation foomatic-filters 4.0.16
linuxfoundation foomatic-filters 4.0.17
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10
linuxfoundation cups-filters 1.0.42
linuxfoundation cups-filters 1.0.43
linuxfoundation cups-filters 1.0.44
linuxfoundation cups-filters 1.0.45
linuxfoundation cups-filters 1.0.46
linuxfoundation cups-filters 1.0.47
linuxfoundation cups-filters 1.0.48
linuxfoundation cups-filters 1.0.49
linuxfoundation cups-filters 1.0.50
linuxfoundation cups-filters 1.0.51
linuxfoundation cups-filters 1.0.52
linuxfoundation cups-filters 1.0.53
linuxfoundation cups-filters 1.0.54
linuxfoundation cups-filters 1.0.55
linuxfoundation cups-filters 1.0.56
linuxfoundation cups-filters 1.0.57
linuxfoundation cups-filters 1.0.58
linuxfoundation cups-filters 1.0.59
linuxfoundation cups-filters 1.0.60
linuxfoundation cups-filters 1.0.61
linuxfoundation cups-filters 1.0.62
linuxfoundation cups-filters 1.0.63
linuxfoundation cups-filters 1.0.64
linuxfoundation cups-filters 1.0.65
linuxfoundation cups-filters 1.0.66
linuxfoundation cups-filters 1.0.67
linuxfoundation cups-filters 1.0.68
linuxfoundation cups-filters 1.0.69
linuxfoundation cups-filters 1.0.70
linuxfoundation cups-filters 1.0.71
linuxfoundation cups-filters 1.0.72
linuxfoundation cups-filters 1.0.73
linuxfoundation cups-filters 1.0.74
linuxfoundation cups-filters 1.0.75
linuxfoundation cups-filters 1.0.76
linuxfoundation cups-filters 1.1.0
debian debian_linux 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BD0822E-225D-4534-A6F7-D8E442432CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31E4828-5DF6-47E7-86AE-CD03259D1E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3DD5E3-C304-4519-BE45-F20276E0DB7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5FB154-6600-4CE1-9811-5BC672D68991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "01CE79DA-B5C3-4923-B941-95C4717C8BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "307F7310-F34B-4CEC-B81B-33899006E882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7CC46F-8875-4630-9B1A-278E94A2CD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB351C4-66F2-4DAE-A34D-E5B2237F1887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9182A35A-C31C-4C8D-917A-C2B2231364AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EBEA36-790A-454D-B29F-996D0C0204FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E3EC4A-48AE-4039-974D-4D5BE0598A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB8C32D-C84B-4D0D-A145-562904B94C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D52942-C9DA-46CF-B066-B2D569EAD5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F54BE2F2-226D-4EAE-BBE3-8B042E2B3914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFE1F4C-3476-4C43-99E7-41846BAE6544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "910858E2-1083-4F9F-827D-E0F8EBA6C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB713EAA-C0CB-464B-B9B4-40D9718B9106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C285215-4125-44E4-A1EC-A2BA92F88251",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA7078-EB66-4950-A42E-AFA1C4884BF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "F820B469-1F21-4E38-9632-3D909B115D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6AA59E3-7FCE-408F-9A24-1E4D451BB15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "3975A1BA-90A6-4E16-BA17-CFA62EDB017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C8E1B5-9C65-4067-8FC6-63E286C7C5DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD1F6317-6CC3-4B1B-8A2C-F131F20395FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "90A028CB-53C4-4FA0-AB46-7FA6A5621D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5BDDFE-93CE-462E-B059-78AE7635491E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FAE5EA-91B4-4E3C-863D-BAFA832BD7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA2135A-6BB7-4C44-94A9-61C3DAE3BFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "C011CFB5-66CF-4E9F-987B-497AF7F7D89C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BECA9A-9A4F-483D-B0F8-7EDF39653220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "144ADD44-7A0D-41CD-B9DD-8B0D55B30AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "3629070E-A703-42DC-92B5-192D1C4E965A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBADA027-AC75-48C1-A374-52D22C916DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "A860B37D-62CB-4421-8A7E-32E944D8BDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "816C584C-B1BE-4EF6-B524-4438006BD2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3062CE-C2DC-4920-9C35-B793E0EE367C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "60466538-FEDC-4B88-B6DC-344770D5BEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C5B79D-E24E-4D10-BA02-9CFD87C77B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32FAFD1-9E31-4D59-8B40-D6522566B85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "0359678E-7979-47F8-9583-A988211EEC79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "A512A128-3906-4838-A932-29BA2C327957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D7612C-445C-45B1-8320-1086972CA0B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E4C01C-B275-4092-AF25-803B219C4617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4D6B65-32AB-4845-9C26-F47E5824D4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE3913DB-A23C-42EB-B04C-464270C3C1F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.2.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de caracteres ` (acento grave) en un trabajo de impresi\u00f3n."
    }
  ],
  "evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/184.html\"\u003eCWE-184: Incomplete Blacklist\u003c/a\u003e",
  "id": "CVE-2015-8327",
  "lastModified": "2024-11-21T02:38:18.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-12-17T19:59:05.590",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3411"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3429"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/78524"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2831-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2831-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/78524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2831-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2831-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-printing/2015/11/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-printing/2015/12/msg00001.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-14 14:59
Modified
2024-11-21 02:38
Severity ?
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
References
security@debian.orghttp://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWSVendor Advisory
security@debian.orghttp://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
security@debian.orghttp://rhn.redhat.com/errata/RHSA-2016-0491.html
security@debian.orghttp://www.debian.org/security/2015/dsa-3419
security@debian.orghttp://www.debian.org/security/2015/dsa-3429
security@debian.orghttp://www.openwall.com/lists/oss-security/2015/12/13/2
security@debian.orghttp://www.openwall.com/lists/oss-security/2015/12/14/13
security@debian.orghttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
security@debian.orghttp://www.ubuntu.com/usn/USN-2838-1
security@debian.orghttp://www.ubuntu.com/usn/USN-2838-2
af854a3a-2127-422b-91ae-364da2661108http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWSVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0491.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3419
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3429
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/12/13/2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/12/14/13
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2838-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2838-2
Impacted products
Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10
debian debian_linux 8.0
linuxfoundation cups-filters 1.0.42
linuxfoundation cups-filters 1.0.43
linuxfoundation cups-filters 1.0.44
linuxfoundation cups-filters 1.0.45
linuxfoundation cups-filters 1.0.46
linuxfoundation cups-filters 1.0.47
linuxfoundation cups-filters 1.0.48
linuxfoundation cups-filters 1.0.49
linuxfoundation cups-filters 1.0.50
linuxfoundation cups-filters 1.0.51
linuxfoundation cups-filters 1.0.52
linuxfoundation cups-filters 1.0.53
linuxfoundation cups-filters 1.0.54
linuxfoundation cups-filters 1.0.55
linuxfoundation cups-filters 1.0.56
linuxfoundation cups-filters 1.0.57
linuxfoundation cups-filters 1.0.58
linuxfoundation cups-filters 1.0.59
linuxfoundation cups-filters 1.0.60
linuxfoundation cups-filters 1.0.61
linuxfoundation cups-filters 1.0.62
linuxfoundation cups-filters 1.0.63
linuxfoundation cups-filters 1.0.64
linuxfoundation cups-filters 1.0.65
linuxfoundation cups-filters 1.0.66
linuxfoundation cups-filters 1.0.67
linuxfoundation cups-filters 1.0.68
linuxfoundation cups-filters 1.0.69
linuxfoundation cups-filters 1.0.70
linuxfoundation cups-filters 1.0.71
linuxfoundation cups-filters 1.0.72
linuxfoundation cups-filters 1.0.73
linuxfoundation cups-filters 1.0.74
linuxfoundation cups-filters 1.0.75
linuxfoundation cups-filters 1.0.76
linuxfoundation cups-filters 1.1.0
linuxfoundation cups-filters 1.2.0
linuxfoundation cups-filters 1.3.0
linuxfoundation foomatic-filters 4.0.0
linuxfoundation foomatic-filters 4.0.1
linuxfoundation foomatic-filters 4.0.2
linuxfoundation foomatic-filters 4.0.3
linuxfoundation foomatic-filters 4.0.4
linuxfoundation foomatic-filters 4.0.5
linuxfoundation foomatic-filters 4.0.6
linuxfoundation foomatic-filters 4.0.7
linuxfoundation foomatic-filters 4.0.8
linuxfoundation foomatic-filters 4.0.9
linuxfoundation foomatic-filters 4.0.10
linuxfoundation foomatic-filters 4.0.11
linuxfoundation foomatic-filters 4.0.12
linuxfoundation foomatic-filters 4.0.13
linuxfoundation foomatic-filters 4.0.14
linuxfoundation foomatic-filters 4.0.15
linuxfoundation foomatic-filters 4.0.16
linuxfoundation foomatic-filters 4.0.17


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "68650F82-F655-4008-85EF-E86C02D9944D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "23CA8354-40A7-4E01-AA8A-8200A34EA2BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "26EA706E-DE8C-404F-BE45-99E0E8C1D0BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC53B1B4-00F9-48B3-903F-D49F1E66668D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "41CAF5A3-CE18-424C-B1F5-B3B2763CE600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BACC25-D2CB-4347-BE7A-6A1238363C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A4BE56-B7DD-494C-A770-3ED6C682D3AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E062716-0141-4625-AA6F-FA560E49C100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A90DE61-E53B-487E-86A8-33C0E027F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA7078-EB66-4950-A42E-AFA1C4884BF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "F820B469-1F21-4E38-9632-3D909B115D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6AA59E3-7FCE-408F-9A24-1E4D451BB15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "3975A1BA-90A6-4E16-BA17-CFA62EDB017B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C8E1B5-9C65-4067-8FC6-63E286C7C5DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD1F6317-6CC3-4B1B-8A2C-F131F20395FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "90A028CB-53C4-4FA0-AB46-7FA6A5621D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5BDDFE-93CE-462E-B059-78AE7635491E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FAE5EA-91B4-4E3C-863D-BAFA832BD7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA2135A-6BB7-4C44-94A9-61C3DAE3BFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "C011CFB5-66CF-4E9F-987B-497AF7F7D89C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BECA9A-9A4F-483D-B0F8-7EDF39653220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "144ADD44-7A0D-41CD-B9DD-8B0D55B30AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "3629070E-A703-42DC-92B5-192D1C4E965A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBADA027-AC75-48C1-A374-52D22C916DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "A860B37D-62CB-4421-8A7E-32E944D8BDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "816C584C-B1BE-4EF6-B524-4438006BD2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3062CE-C2DC-4920-9C35-B793E0EE367C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "60466538-FEDC-4B88-B6DC-344770D5BEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C5B79D-E24E-4D10-BA02-9CFD87C77B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32FAFD1-9E31-4D59-8B40-D6522566B85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "0359678E-7979-47F8-9583-A988211EEC79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "A512A128-3906-4838-A932-29BA2C327957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D7612C-445C-45B1-8320-1086972CA0B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E4C01C-B275-4092-AF25-803B219C4617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.0.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4D6B65-32AB-4845-9C26-F47E5824D4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE3913DB-A23C-42EB-B04C-464270C3C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D6C5B9-C91B-4D2E-AFF0-77C2A552F277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:cups-filters:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA32A4E7-3083-48C3-9131-534996094883",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BD0822E-225D-4534-A6F7-D8E442432CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31E4828-5DF6-47E7-86AE-CD03259D1E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3DD5E3-C304-4519-BE45-F20276E0DB7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5FB154-6600-4CE1-9811-5BC672D68991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "01CE79DA-B5C3-4923-B941-95C4717C8BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "307F7310-F34B-4CEC-B81B-33899006E882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7CC46F-8875-4630-9B1A-278E94A2CD47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB351C4-66F2-4DAE-A34D-E5B2237F1887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9182A35A-C31C-4C8D-917A-C2B2231364AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EBEA36-790A-454D-B29F-996D0C0204FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E3EC4A-48AE-4039-974D-4D5BE0598A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB8C32D-C84B-4D0D-A145-562904B94C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D52942-C9DA-46CF-B066-B2D569EAD5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F54BE2F2-226D-4EAE-BBE3-8B042E2B3914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFE1F4C-3476-4C43-99E7-41846BAE6544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "910858E2-1083-4F9F-827D-E0F8EBA6C1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB713EAA-C0CB-464B-B9B4-40D9718B9106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:4.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C285215-4125-44E4-A1EC-A2BA92F88251",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.4.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un car\u00e1cter ; (punto y coma) en un trabajo de impresi\u00f3n, una vulnerabilidad diferente a CVE-2015-8327."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/184.html\"\u003eCWE-184: Incomplete Blacklist\u003c/a\u003e",
  "id": "CVE-2015-8560",
  "lastModified": "2024-11-21T02:38:44.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-14T14:59:06.207",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
    },
    {
      "source": "security@debian.org",
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
    },
    {
      "source": "security@debian.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2015/dsa-3419"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2015/dsa-3429"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-2838-1"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-2838-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0491.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/12/14/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2838-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2838-2"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-19 21:15
Modified
2024-11-21 01:29
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
References
secalert@redhat.comhttps://access.redhat.com/security/cve/cve-2011-2923Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2923Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-2923Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://security-tracker.debian.org/tracker/CVE-2011-2923Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/cve-2011-2923Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2923Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-2923Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security-tracker.debian.org/tracker/CVE-2011-2923Third Party Advisory
Impacted products
Vendor Product Version
linuxfoundation foomatic-filters *
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:foomatic-filters:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "325A879D-4493-4090-A720-45092F297556",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter."
    },
    {
      "lang": "es",
      "value": "El filtro foomatic-rip, todas las versiones, utiliz\u00f3 archivos temporales creados de manera no segura para el almacenamiento de datos PostScript mediante el renderizado de los datos cuando el modo de depuraci\u00f3n fue habilitado. Un atacante local puede explotar este fallo para conducir ataques de enlace simb\u00f3lico al sobrescribir archivos arbitrarios accesibles con los privilegios del usuario que ejecuta el filtro de impresi\u00f3n universal de foomatic-rip."
    }
  ],
  "id": "CVE-2011-2923",
  "lastModified": "2024-11-21T01:29:17.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-19T21:15:11.560",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-2923"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2923"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-2923"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-2923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-2923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-2923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-2923"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}