Lucene search
OpenprintingCups

17 matches found

•added 2022/05/26 5:47 p.m.•1054 views

CVE-2022-26691

CVE-2022-26691 is a privilege-escalation issue in the CUPS printing system caused by a logic error in local authorization. Connected documentation shows affected packages across multiple distributions and versions, with patches released: e.g., cups

CVSS 7.2 • AI score 6.1 • EPSS 0.00579
•added 2023/06/01 4:4 p.m.•541 views

CVE-2023-32324

OpenPrinting CUPS (version 2.4.2 and earlier) contains a heap buffer overflow in format_log_line that can cause a DoS when the cupsd.conf loglevel is set to DEBUG. The issue is exploitable remotely according to the CVE description, with impact limited to availability (DoS) and no confidentialit...

CVSS 7.5 • AI score 6.8 • EPSS 0.01473
•added 2023/09/21 10:47 p.m.•537 views

CVE-2023-4504

CVE-2023-4504 affects the OpenPrinting CUPS stack and its libppd component, caused by a failure to validate the length of an attacker-crafted PPD PostScript document. This leads to a heap-based buffer overflow, with potential for code execution as described in the fixed release notes. The vulnera...

CVSS 7 • AI score 7.6 • EPSS 0.00663
•added 2025/09/11 5:6 p.m.•448 views

CVE-2025-58060

Summary: CVE-2025-58060 affects OpenPrinting CUPS and related package updates across Linux distributions, allowing authentication bypass when AuthType is not Basic but the request carries an Authorization: Basic header. The root cause is improper validation in cupsdAuthorize(), which can bypass p...

CVSS 8 • AI score 6.7 • EPSS 0.00964
•added 2023/06/22 10:39 p.m.•149 views

CVE-2023-34241

CVE-2023-34241 (CUPS) affects OpenPrinting CUPS prior to 2.4.6. A use-after-free occurs in cupsdAcceptClient when logging data after a connection closes due to the function httpClose(con->http) freeing the pointer; cupsdLogClient then passes that freed pointer to httpGetHostname. This can happ...

CVSS 7.1 • AI score 6.6 • EPSS 0.01395
•added 2024/06/11 2:13 p.m.•142 views

CVE-2024-35235

CVE-2024-35235 affects OpenPrinting CUPS. A cupsd Listen directive that uses a symlink can trigger an arbitrary chmod on the argument, giving world-writable access to the target and, on some configurations (e.g., Ubuntu AppArmor), potentially full root command execution via cups-files.conf User/G...

CVSS 6.7 • AI score 5.7 • EPSS 0.02421
•added 2026/04/03 9:18 p.m.•135 views

CVE-2026-34980

OpenPrinting CUPS (versions 2.4.16 and earlier) is impacted by CVE-2026-34980. In a network-exposed cupsd with a shared target queue, an unauthenticated client can submit a Print-Job, causing the server to process a text-within-PPD that leads to executing an attacker-chosen binary (e.g., /usr/bin...

CVSS 7.5 • AI score 6 • EPSS 0.00502
•added 2026/04/03 9:15 p.m.•72 views

CVE-2026-34978

OpenPrinting CUPS vulnerability CVE-2026-34978 involves a path traversal flaw in the RSS notifier (notify-recipient-uri) that affects versions

CVSS 6.5 • AI score 6 • EPSS 0.00406
•added 2025/11/29 2:15 a.m.•70 views

CVE-2025-58436

OpenPrinting CUPS (printing system) is affected by CVE-2025-58436 prior to version 2.4.15, where a slow client communicating with cupsd could cause the daemon to become unusable for other clients (DoS). The issue has been patched in 2.4.15; multiple advisories reference upgrading to a newer CUPS ...

CVSS 5.5 • AI score 6.5 • EPSS 0.00195
•added 2026/04/07 5:0 p.m.•53 views

CVE-2026-39316

OpenPrinting CUPS contains a use-after-free in the cupsd scheduler when deleting temporary printers. In cupsdDeleteTemporaryPrinters(), cupsdDeletePrinter() is called without expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed memor...

CVSS 6.2 • AI score 6 • EPSS 0.00178
•added 2025/09/11 5:26 p.m.•49 views

CVE-2025-58364

OpenPrinting CUPS (versions ≤ 2.4.12) contains a vulnerability where unsafe deserialization/validation of printer attributes leads to a null dereference in libcups, causing remote DoS. Several connected advisories corroborate this, noting local-network exposure in default configurations and that ...

CVSS 6.5 • AI score 6.8 • EPSS 0.01063
•added 2025/11/29 2:15 a.m.•42 views

CVE-2025-61915

CVE-2025-61915 affects OpenPrinting CUPS. A user in the lpadmin group can use the cups web UI to alter cupsd.conf, which the root-running cupsd then parses, causing an out-of-bounds write. Impact exists locally (privileges required: HIGH) with potential DoS/compromised availability; patched in ve...

CVSS 6.7 • AI score 6.5 • EPSS 0.00409
•added 2026/04/07 4:59 p.m.•41 views

CVE-2026-39314

OpenPrinting CUPS (CVE-2026-39314) is vulnerable in versions 2.4.16 and prior. The root cause is an integer underflow in _ppdCreateFromIPP (cups/ppd-cache.c): a negative job-password-supported IPP attribute passes bounds checks, is cast to size_t, and is used as a length in memset() on a 33-byte ...

CVSS 6.2 • AI score 5.9 • EPSS 0.00154
•added 2026/04/03 9:11 p.m.•35 views

CVE-2026-27447

OpenPrinting CUPS (cupsd) contains an authorization bypass in versions 2.4.16 and earlier due to case-insensitive username comparison during authorization checks. This allows an unprivileged user to access restricted operations by using a username that differs only in case from an authorized user...

CVSS 6.3 • AI score 5.9 • EPSS 0.00317
•added 2026/04/24 4:54 p.m.•29 views

CVE-2026-41079

OpenPrinting CUPS (prior to 2.4.17) is vulnerable to a network-adjacent attacker who can send a crafted SNMP response to the CUPS SNMP backend, causing an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is interpreted from UTF-16 to UTF-8 and stored as printer supply ...

CVSS 5.4 • AI score 5.3 • EPSS 0.00409
•added 2026/04/03 9:14 p.m.•24 views

CVE-2026-34990

CVE-2026-34990 affects OpenPrinting CUPS versions 2.4.16 and earlier. A local unprivileged user can coerce cupsd to authenticate to an attacker-controlled localhost IPP service using a reusable Authorization: Local token, enabling /admin/ requests on localhost. By combining CU...

CVSS 7.8 • AI score 6 • EPSS 0.00289
•added 2026/04/03 9:16 p.m.•18 views

CVE-2026-34979

OpenPrinting CUPS contains a heap-based buffer overflow in the CUPS scheduler's get_options() when building filter option strings from job attributes, affecting versions 2.4.16 and earlier. No public patch was available at the time of publication. The CVSS metrics indicate Network attack ...

CVSS 5.3 • AI score 6.1 • EPSS 0.00379