CVE-2026-6892

Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. :Canon...

Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS

Overview My Image Garden for MacOS and CUPS Printer Driver for macOS provided by Canon Inc. contain the following vulnerability. Improper link resolution before file access 'Link following' CWE-59 - CVE-2026-6891, CVE-2026-6892 Canon Inc. reported this vulnerability to JPCERT/CC to notify users o...

usb: usblp: fix heap leak in IEEE 1284 device ID via short response

...

CVE-2026-6892

Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. :Canon...

CVE-2026-6892

The CVE-2026-6892 entry concerns improper handling of symbolic links in the macOS installer for Canon CUPS Printer Driver (affecting Canon PIXUS iX6800 Series and MG2500 Series). The underlying issue is symbolic-links manipulation during installation, which could allow a local user with login pri...

PT-2026-44709

Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. :Canon...

Canon CUPS Printer Driver 安全漏洞

The Canon CUPS Printer Driver is a printer driver suite developed by the Japanese company Canon. Versions of the Canon CUPS Printer Driver 16.91.0.0 and earlier contained security vulnerabilities. These vulnerabilities were due to improper handling of symbolic links in the installation process,...

CVE-2026-46167

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblpctrlmsg will collapse the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferre...

CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblpctrlmsg will collapse the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferre...

EUVD-2026-32794

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblpctrlmsg will collapse the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferre...

CVE-2026-46167

CVE-2026-46167 – Linux kernel usb/usblp heap leak : The vulnerability stems from an uninitialized status buffer (statusbuf) allocated at probe time for LPGETSTATUS. If a malicious printer returns zero bytes, a stale 8-byte heap region could be copied to userspace via LPGETSTATUS, causing a heap l...

CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

PT-2026-44290

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A heap leak exists in the usblp driver. The usblp read status function requests 1 byte of data, but if a malicious printer responds with zero bytes, the usblp ctrl msg function discards the...

PT-2026-32866

Name of the Vulnerable Software and Affected Versions Windows USB Print Driver versions prior to April 2026 Description A heap-based buffer overflow in the Windows USB Printing Stack usbprint.sys allows an unauthorized attacker to elevate privileges. This issue can be exploited through a physical...

Microsoft Windows USB Print Driver 安全漏洞

Microsoft Windows USB Print Driver is a USB printer driver developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Windows USB Print Driver. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows...

CVE-2025-4960

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...

CVE-2025-63701

A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...

PT-2025-47004

Name of the Vulnerable Software and Affected Versions Advantech TP-3250 printer driver versions v0.3.9200.20789 Description A heap corruption issue exists in the Advantech TP-3250 printer driver’s DrvUI x64 ADVANTECH.dll component. The issue occurs when the DocumentPropertiesW function is called...

CVE-2025-63701

A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...