CVE-2026-34980

A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the page-border value, allowing an attacker to embed and reparse malicious text ...

MiracleLinux 3 : cups-1.2.4-11.18.1.1AXS3 (AXSA:2008-75:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-75:01 advisory. Description of problem: The Common UNIX Printing System CUPS provides a portable printing layer for UNIX operating systems. An integer overflow flaw leading to...

Linux Distros Unpatched Vulnerability : CVE-2021-25317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Clou...

CUPS IPP Attributes LAN Remote Code Execution

This module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer...

Mageia: Security Advisory (MGASA-2014-0170)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-25317

It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the lp user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low...

Apple CUPS 安全漏洞

Apple CUPS is the United States Apple Apple company's set of open source for OS X and Unix-like system printing system. The system is based on the Internet Printing Protocol IPP and provides most PostScript and raster printer services. A security vulnerability exists in CUPS. The vulnerability...

Privilege Escalation

cups is vulnerable to privilege escalation. A possible privilege escalation flaw was found in CUPS. An unprivileged process running as the "lp" user such as a compromised external filter program spawned by the CUPS server could trick the CUPS server into overwriting arbitrary files as the root us...

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the Tagged Image File Format TIFF decoding routines used by the CUPS image-converting filters, "imagetops" and "imagetoraster". An attacker could create a malicious...

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. An insufficient buffer bounds checking flaw was discovered in the HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a malicious HP-GL/2 file that could, possibly, execute arbitrary code as the "lp" user if the file was printed...

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. A buffer overflow flaw was discovered in the SGI image format decoding routines used by the CUPS image converting filter "imagetops". An attacker could create a malicious SGI image file that could, possibly, execute arbitrary code as the "lp" user i...

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. An integer overflow flaw leading to a heap buffer overflow was discovered in the Text-to-PostScript "texttops" filter. An attacker could create a malicious text file that could, possibly, execute arbitrary code as the "lp" user if the file was print...

Denial Of Service (DoS)

cups is vulnerable to denial of service DoS. The vulnerability exists as an integer overflow flaw leading to a heap buffer overflow was discovered in the Portable Network Graphics PNG decoding routines used by the CUPS image converting filters "imagetops" and "imagetoraster". An attacker could...

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. The vulnerability exists as two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed...

Linux (CUPSD 1.x.x/2.x.x) Remote 0day Exploit

Yields user 'lp' shell. Targets Debian/RHEL/Ubuntu and more...

USN-2838-2: foomatic-filters vulnerability

Adam Chester discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user...

USN-2838-1 cups-filters vulnerability

Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user...

Ubuntu 14.04 LTS : cups-filters vulnerability (USN-2831-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2831-1 advisory. Michal Kowalczyk discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issu...

USN-2831-2: foomatic-filters vulnerability

Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user...

cups-filters: texttopdf heap-based buffer overflow

A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" us...