56 matches found
CVE-2012-5519
CVE-2012-5519 affects the Common UNIX Printing System (CUPS) 1.4.4 and earlier on Linux distros (e.g., Debian). The web interface stores the administrator key in /var/run/cups/certs/0 with permissions that allow lpadmin users to read/write files, enabling local privilege escalation to root via th...
CVE-2022-26691
CVE-2022-26691 is a privilege-escalation issue in the CUPS printing system caused by a logic error in local authorization. Connected documentation shows affected packages across multiple distributions and versions, with patches released: e.g., cups
CVE-2008-5184
CVE-2008-5184 affects CUPS prior to 1.3.8, where the web interface (cgi-bin/admin.c) uses a guest user when no user is logged in, enabling CSRF attacks on RSS subscription management (add and cancel) by remote attackers. Multiple connected advisories note the issue as part of broader CUPS updates...
CVE-2017-18190
CVE-2017-18190 affects the CUPS printing system. Connected sources confirm a vulnerability where a localhost.localdomain whitelist entry in valid_host() (scheduler/client.c) in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon ...
CVE-2018-4300
The CVE-2018-4300 entry concerns the CUPS web interface session cookie being easily guessable on Linux, enabling unauthorized scripted access when the web interface is enabled. Affected versions are prior to 2.2.10, and the issue is mitigated by upgrading to v2.2.10 or newer. Multiple connected s...
CVE-2014-5031
CVE-2014-5031 affects the CUPS web interface. The vulnerability is in CUPS versions before 2.0, where the web interface does not verify that files have world-readable permissions. This can allow remote attackers to obtain sensitive information via unspecified vectors. The issue is documented acro...
CVE-2008-3641
Summary (CVE-2008-3641): The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 is vulnerable. A remote attacker can craft pen width and pen color opcodes that overwrite memory, enabling arbitrary code execution on affected systems. Public sources reference this CVE as part of m...
CVE-2010-2941
CVE-2010-2941 affects the Common UNIX Printing System (CUPS) cupsd component, specifically ipp.c in CUPS 1.4.4 and earlier. The vulnerability arises from improper memory allocation for attribute values with invalid string data types, enabling a remote attacker to cause a use-after-free and crash,...
CVE-2008-0053
CVE-2008-0053: Two buffer overflows in the HP-GL/2-to-PostScript filter of CUPS could allow remote code execution when a crafted HP-GL/2 file is printed. The CVE is associated with CUPS releases patched in various advisories (e.g., RHSA-2008:0192, ELSA-2008-0192) and vendor-specific updates; Open...
CVE-2017-18248
The connected documents confirm CVE-2017-18248 affects CUPS prior to 2.2.6. The vulnerability resides in add_job in scheduler/ipp.c when D-Bus support is enabled: remote attackers can crash the CUPS daemon by sending print jobs with an invalid username, via a D-Bus notification. The documented im...
CVE-2014-2856
CVE-2014-2856 affects the Common UNIX Printing System (CUPS) web interface. The vulnerability is a cross-site scripting (XSS) flaw in scheduler/client.c related to the is_path_absolute function, exploitable via the URL path. It exists in CUPS versions before 1.7.2 and allows remote attackers to i...
CVE-2012-6094
CVE-2012-6094 affects the Common UNIX Printing System (CUPS). The issue is that the option to listen on localhost:631 is not honored, which could allow unauthorized access to the system’s web-based admin interface. Publicly documented mitigations include patches in cups updates (e.g., openSUSE cu...
CVE-2014-3537
CVE-2014-3537 affects the CUPS web interface on systems running vulnerable CUPS versions prior to 1.7.4. A local attacker with lp group privileges can exploit a symlink vulnerability in /var/cache/cups/rss to read arbitrary files. Several advisories (Debian, Red Hat, Mandriva, EulerOS, etc.) refe...
CVE-2013-6891
CVE-2013-6891 affects CUPS prior to 1.7.1. The lppasswd tool, when run with setuid, allows local users to read portions of arbitrary files via a crafted HOME environment and a symlink attack on .cups/client.conf. Impact is local information disclosure; there is no remote code execution stated. Th...
CVE-2014-5030
CVE-2014-5030 affects CUPS before 2.0. Local users can read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. Root cause is a symlink-based access issue in the web interface that permits reading of these files. No...
CVE-2010-3702
The CVE-2010-3702 issue affects the Xpdf PDF parser (Gfx::getPos) in Xpdf
CVE-2011-2896
CVE-2011-2896 is a heap-based buffer overflow in the GIF LZW decompression path (LZWReadByte) affecting the GIF plug-in implementations in GIMP (and related GIF handling in CUPS/PBMPLUS and others). The vulnerability can crash the affected application or, potentially, allow code execution via a c...
CVE-2008-5183
The CVE-2008-5183 issue affects CUPS
CVE-2009-0949
CVE-2009-0949 affects CUPS before 1.3.10. The ippReadIO function in cups/ipp.c within cupsd fails to properly initialize memory for IPP request packets, enabling a remote attacker to trigger a denial of service (NULL pointer dereference and cupsd crash) via a scheduler request containing two cons...
CVE-2010-0542
CVE-2010-0542 affects the CUPS texttops image filter in the Text Filter subsystem. The _WriteProlog function fails to check calloc return values, which can lead to a NULL pointer dereference or heap memory corruption when processing crafted files. This may allow a remote attacker to cause a denia...
CVE-2008-5286
CVE-2008-5286 is an integer overflow in CUPS PNG decoding (function _cupsImageReadPNG) that enables heap buffer overflow and remote code execution via a crafted PNG with large height. Affected: CUPS 1.1.17–1.3.9. Implications include potential arbitrary code execution (e.g., as lp user per adviso...
CVE-2009-1180
CVE-2009-1180 affects the JBIG2 decoder path used by Xpdf (and components embedding Xpdf, e.g., Poppler-based renderers). The flaw is triggered by crafted PDFs and can lead to remote arbitrary code execution or crashes via a free of invalid data during JBIG2 decoding. Public advisories indicate a...
CVE-2008-3639
CVE-2008-3639 : In CUPS, a heap-based buffer overflow in the read_rle16 function of imagetops (pre-1.3.9) can be triggered by a malformed SGI image with small image size and large RLE row count, allowing remote code execution. Publicly documented in multiple advisories; mitigations patch CUPS to ...
CVE-2009-0799
Technical details beyond the given Initial Description are not provided in the connected documents. Monitor for updates; the current set does not specify affected products/versions beyond general JBIG2 decoding issues (CVE-2009-0799) in Xpdf/kpdf/Poppler.
CVE-2014-9679
The connected data documents confirm CVE-2014-9679 affects CUPS and describe an integer underflow in cupsRasterReadPixels (filter/raster.c) that can be triggered by a malformed compressed raster file, leading to a buffer overflow with unspecified impact. The vulnerability requires that a crafted ...
CVE-2010-1748
CVE-2010-1748 affects the CUPS web interface (cgi-bin/var.c) on CUPS versions prior to 1.4.4 (notably on Apple macOS 10.5.8 and macOS 10.6.x before 10.6.4). The flaw occurs when processing form/URL parameters that contain a % character not followed by two hex digits, causing uninitialized memory ...
CVE-2009-0032
CVE-2009-0032 affects CUPS shipped with Mandriva Linux (2008.0, 2008.1, 2009.0) and Mandriva CS/MNF; a local symlink attack on the /tmp/pdf.log file lets local users overwrite arbitrary files. Root cause: insecure handling of temporary file creation via symlinks in CUPS. Impact: local privilege/e...
CVE-2009-1179
CVE-2009-1179 corresponds to an integer overflow in Xpdf’s JBIG2 decoder (and related JBIG2 code paths in Poppler) that affects Xpdf <= 3.02pl2 and older, CUPS <= 1.3.9 and older, and Poppler equals 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ...
CVE-2010-2431
CVE-2010-2431 details (CUPS) : The cupsFileOpen function in CUPS before 1.4.4 allows local users who are in the lp group to overwrite arbitrary files via a symlink attack on the files /var/cache/cups/remote.cache and /var/cache/cups/job.cache. This is a local, privilege-related flaw with an impac...
CVE-2009-0163
CVE-2009-0163 affects CUPS 1.3.9 and earlier, due to an integer/heap overflow in TIFF decoding within the imagetops and imagetoraster filters. A crafted TIFF image can cause a remote denial of service (daemon crash) and potentially arbitrary code execution via a heap-based buffer overflow in _cup...
CVE-2011-3170
The CVE-2011-3170 issue affects CUPS 1.4.8 and earlier, where gif_read_lzw in filter/image-gif.c mishandles the first code word in an LZW stream, causing a heap-based buffer overflow that could allow remote code execution via a crafted GIF. Related CVE-2011-2896 concerns the LZW decompressor simi...
CVE-2009-1182
CVE-2009-1182 concerns JBIG2 decoder flaws leading to remote code execution when processing crafted PDFs. The Initial Description lists multiple buffers overflows in the JBIG2 MMR decoder used by Xpdf (3.02pl2 and earlier), CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products. Connec...
CVE-2010-0302
CVE-2010-0302 affects CUPS before 1.4.4, with the use-after-free vulnerability in cupsdDoSelect within scheduler/select.c when using kqueue or epoll. The issue stems from improper reference-count handling of the abstract file-descriptor interface, allowing a remote attacker to trigger a denial of...
CVE-2007-3387
CVE-2007-3387 affects xpdf 3.02 and thus downstream KDE/kpdf/gpdf/pdfs handling in kdegraphics, CUPS, and related tools. The root cause is an integer/stack-based overflow in PDF parsing: StreamPredictor::getNextLine may overflow when processing a crafted PDF, potentially allowing remote code exec...
CVE-2009-0147
CVE-2009-0147 involves multiple integer overflows in the JBIG2 decoder used by Xpdf (3.02pl2 and earlier) and CUPS (1.3.9 and earlier), plus other products. The flaw affects the JBIG2 decoder paths JBIG2Stream::readSymbolDictSeg (and related symbol-dictionary handling) and JBIG2Stream::readGeneri...
CVE-2009-0166
The CVE-2009-0166 issue affects the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and related products, caused by a free of uninitialized memory in JBIG2 decoding. This leads to a remote denial of service (crash) via a crafted PDF file. Connected advisories ( MiracleLinux AXS...
CVE-2009-0800
CVE-2009-0800 involves input validation flaws in the JBIG2 decoder (Xpdf-based) used by Xpdf, Poppler, kdegraphics/kpdf and related components. Public records tie this to Poppler, kdegraphics kdepdf/kpdf in Debian/etch/lenny and CentOS/RHEL advisories, with multiple JBIG2/INT/UB memory issues ena...
CVE-2008-3640
CVE-2008-3640 affects the Common UNIX Printing System (CUPS) in the texttops filter (WriteProlog). The vulnerability is a heap-based buffer overflow triggered by a crafted PostScript file, allowing remote code execution before CUPS 1.3.9. Connected advisories (e.g., MiracleLinux/Nessus entries) c...
CVE-2009-1183
CVE-2009-1183 affects JBIG2 MMR decoding in Xpdf (3.02pl2 and earlier), and also broader products using JBIG2 decoders such as Poppler before 0.10.6 and other vendors (e.g., CUPS 1.3.9 and earlier). The issue is a remote DoS: a crafted PDF can cause an infinite loop or hang in the JBIG2 decoder, ...
CVE-2009-0146
CVE-2009-0146 is described in connected advisories as a set of vulnerabilities in the JBIG2 decoder used by Xpdf, CUPS (and related products) that allow remote attackers to cause a denial of service via crafted PDF files. The JBIG2-related flaws involve JBIG2SymbolDict::setBitmap and JBIG2Stream:...
CVE-2009-0791
CVE-2009-0791 involves multiple integer overflows in Xpdf (2.x/3.x) and Poppler 0.x, used by pdftops in CUPS, KDE KPDF, and related components. The issue arises in the JBIG2 decoder and other areas (Decrypt.cxx, FoFiTrueType.cxx, gmem.c, JBIG2Stream.cxx, PSOutputDev.cxx) and can trigger a heap-ba...
CVE-2009-3553
CVE-2009-3553 is a use-after-free vulnerability in CUPS’ cupsdDoSelect path (scheduler/select.c) affecting the CUPS daemon when listing many print jobs. The issue arises from improper reference-count maintenance, allowing a remote attacker to trigger a denial of service (daemon crash or hang) via...
CVE-2010-2432
CVE-2010-2432 affects the CUPS client as part of CUPS before 1.4.4. The cupsDoAuthentication function in auth.c fails to properly handle an authorization demand when HAVE_GSSAPI is omitted, enabling remote CUPS servers to trigger a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses...
CVE-2014-5029
CVE-2014-5029 affects the web interface of CUPS 1.7.4 . Local users in the lp group can read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and with language[0] set to null. This vulnerability is noted to exist due to an incomplete fix for CVE-2014-3537; no patch/version i...
CVE-2009-0164
CVE-2009-0164 affects the CUPS web interface prior to 1.3.10, where the HTTP Host header is not validated. This enables DNS rebinding-style attacks from a remote attacker over the network (impact: partial confidentiality/integrity and partial availability as per NVD metrics; base score 6.4, MEDIU...
CVE-2004-2154
CVE-2004-2154 affects CUPS prior to 1.1.21rc1, where a Location directive in cupsd.conf is treated as case sensitive. This allows bypassing ACLs by using a printer name whose capitalization differs from that in the directive, enabling unauthorized access to printers. The issue is propagated acros...
CVE-2002-1372
CVE-2002-1372 affects the Common Unix Printing System (CUPS) versions 1.1.14–1.1.17. The issue arises because CUPS does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by creating an...
CVE-2009-1181
CVE-2009-1181 affects the JBIG2 decoder in Xpdf 3.02pl2 and earlier, Poppler before 0.10.6, and related components, allowing remote attackers to crash the process via a crafted PDF that triggers a NULL pointer dereference. Connected sources confirm practical impacts across Poppler/kpdf/xpdf-famil...
CVE-2010-0393
CVE-2010-0393 affects CUPS: the cupsGetlang function in lppasswd historically uses an environment variable to select the localization file, allowing local privilege escalation via crafted localization data with format string specifiers in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1. The vulnerability’s r...
CVE-2007-4045
CVE-2007-4045 affects the CUPS daemon (CUPS) in SUSE Linux before 20070720 and other distros, linked to an incomplete fix for CVE-2007-0720 that introduced a denial-of-service in SSL negotiation. The issue is described in multiple advisories (e.g., RHSA-2007-1022/1023, ELSA advisories) stating th...