CLSA-2026-1769515411 cups: Fix of CVE-2025-61915

CVE-2025-61915: fix out-of-bound write issue caused by inserting malicious line in cups web UI config...

CLSA-2026-1768988530 cups: Fix of CVE-2025-58436

CVE-2025-58436: fix unresponsive cupsd process caused by a slow client...

EUVD-2014-8007

Malware in sbrugna...

EUVD-2020-25314

Malware in sbrugna...

cups: Cupsd Listen arbitrary chmod 0140777

A flaw was found in the cupsd server. When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Since cupsd is often running as root, this...

USN-6844-2 cups regression

USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how the cupsd daemon handles Listen configuration directive. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Rory McNamara...

OESA-2024-1758 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol IPP to support printing to local and network printers.. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and oth...

The vulnerability of the scan_ps() function in the libppd library of the CUPS printing server allows a attacker to escalate their privileges and execute arbitrary code.

The vulnerability of the scanps function in the libppd library of the CUPS printing server is related to the issue where the operation’s output goes out of the buffer in memory when processing PPD file lengths. Exploiting this vulnerability can allow an attacker to increase their privileges and...

SUSE CVE-2010-0393

The cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with...

SUSE CVE-2015-1158

The addjob function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted 1 IPPCREATEJOB or 2 IPPPRINTJOB...

Ubuntu: Security Advisory (USN-50-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the LoRa Basics Station software lies in the use of memory after it is freed, allowing a intruder to execute arbitrary code.

The vulnerability of the LoRa Basics Station software relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the MITM Man-In-The-Middle scenario, either through the compromised CUPS server or by modifying settings using...

CVE-2020-4060

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message https://doc.sm.tc/station/cupsproto.htmlhttp-post-response where the signature length is larger than ...

Design/Logic Flaw

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message https://doc.sm.tc/station/cupsproto.htmlhttp-post-response where the signature length is larger than ...

CVE-2020-4060 Use After Free in in cups_update_info in LoRa Basics Station

In LoRa Basics Station before 2.0.4, there is a Use After Free vulnerability that leads to memory corruption. This bug is triggered on 32-bit machines when the CUPS server responds with a message https://doc.sm.tc/station/cupsproto.htmlhttp-post-response where the signature length is larger than ...

The vulnerability of the cups printing server of the Astra Linux operating system allows a hacker to gain access to confidential data.

The vulnerability of the cups printing server of the Astra Linux operating system relates to the printing of GECOS field contents instead of the user’s domain login information. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

Debian: Security Advisory (DLA-1387-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name...

CVE-2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name...

CVE-2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name...