CLSA-2026-1777462768 cups: Fix of CVE-2023-4504

CVE-2023-4504: validate PPD PostScript input length to prevent heap-based buffer overflow in raster-interpret.c...

CLSA-2025-1741635651 cups: Fix of CVE-2024-47175

CVE-2024-47175: fix improper input validation in cups for PPD files...

cups: libppd: remote command injection via attacker controlled data in PPD file

A security vulnerability was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer...

USN-7041-2 cups vulnerability

USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate P...

DEBIAN-CVE-2024-47076

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilter...

UBUNTU-CVE-2023-4504

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023...

Remote Code Execution (RCE)

Foomatic is vulnerable to remote code execution RCE. An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript...

Stack overflow

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service application termination and execute arbitrary code via a crafted PostScript Printer Description PPD file that is not properly handled when querying a network printer...

CVE-2008-0997

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service application termination and execute arbitrary code via a crafted PostScript Printer Description PPD file that is not properly handled when querying a network printer...

CVE-2008-0997

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service application termination and execute arbitrary code via a crafted PostScript Printer Description PPD file that is not properly handled when querying a network printer...