17 matches found
CVE-2022-26691
CVE-2022-26691 is a privilege-escalation issue in the CUPS printing system caused by a logic error in local authorization. Connected documentation shows affected packages across multiple distributions and versions, with patches released: e.g., cups
CVE-2023-32324
OpenPrinting CUPS (up to version 2.4.2 and earlier) contains a heap buffer overflow in format_log_line that can cause a DoS when cupsd.conf loglevel is set to DEBUG. The issue is exploitable remotely according to the CVE description, with impact limited to availability (DoS) and no confidentialit...
CVE-2023-4504
CVE-2023-4504 affects the OpenPrinting CUPS stack and its libppd component, caused by a failure to validate the length of an attacker-crafted PPD PostScript document. This leads to a heap-based buffer overflow, with potential for code execution as described in the fixed release notes. The vulnera...
CVE-2025-58060
Summary: CVE-2025-58060 affects OpenPrinting CUPS and related package updates across Linux distributions, allowing authentication bypass when AuthType is not Basic but the request carries an Authorization: Basic header. The root cause is improper validation in cupsdAuthorize(), which can bypass p...
CVE-2023-34241
CVE-2023-34241 (CUPS) affects OpenPrinting CUPS prior to 2.4.6. A use-after-free occurs in cupsdAcceptClient when logging data after a connection closes due to the function httpClose(con->http) freeing the pointer; cupsdLogClient then passes that freed pointer to httpGetHostname. This can happ...
CVE-2024-35235
CVE-2024-35235 affects OpenPrinting CUPS. Affects cupsd Listen directives using a symlink can trigger arbitrary chmod on the argument, giving world-writable access to the target and, on some configurations (e.g., Ubuntu AppArmor), potentially full root command execution via cups-files.conf User/G...
CVE-2026-34980
OpenPrinting CUPS (versions 2.4.16 and earlier) is impacted by CVE-2026-34980. In a network-exposed cupsd with a shared target queue, an unauthenticated client can submit a Print-Job, causing the server to process a text-within-PPD that leads to executing an attacker-chosen binary (e.g., /usr/bin...
CVE-2026-34978
OpenPrinting CUPS vulnerability CVE-2026-34978 involves a path traversal flaw in the RSS notifier (notify-recipient-uri) that affects versions
CVE-2025-58436
OpenPrinting CUPS (printing system) is affected by CVE-2025-58436 prior to version 2.4.15, where a slow client communicating with cupsd could cause the daemon to become unusable for other clients (DoS). The issue has been patched in 2.4.15; multiple advisories reference upgrading to a newer CUPS ...
CVE-2026-39316
OpenPrinting CUPS contains a use-after-free in the cupsd scheduler when deleting temporary printers. In cupsdDeleteTemporaryPrinters(), cupsdDeletePrinter() is called without expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed memor...
CVE-2025-58364
OpenPrinting CUPS (versions ≤ 2.4.12) contains a vulnerability where unsafe deserialization/validation of printer attributes leads to a null dereference in libcups, causing remote DoS. Several connected advisories corroborate this, noting local-network exposure in default configurations and that ...
CVE-2025-61915
CVE-2025-61915 affects OpenPrinting CUPS. A user in the lpadmin group can use the cups web UI to alter cupsd.conf, which the root-running cupsd then parses, causing an out-of-bounds write. Impact exists locally (privileges required: HIGH) with potential DoS/compromised availability; patched in ve...
CVE-2026-39314
OpenPrinting CUPS (CVE-2026-39314) is vulnerable in versions 2.4.16 and prior. The root cause is an integer underflow in _ppdCreateFromIPP (cups/ppd-cache.c): a negative job-password-supported IPP attribute passes bounds checks, is cast to size_t, and is used as a length in memset() on a 33-byte ...
CVE-2026-27447
OpenPrinting CUPS (cupsd) contains an authorization bypass in versions 2.4.16 and earlier due to case-insensitive username comparison during authorization checks. This allows an unprivileged user to access restricted operations by using a username that differs only in case from an authorized user...
CVE-2026-41079
OpenPrinting CUPS (prior to 2.4.17) is vulnerable to a network-adjacent attacker who can send a crafted SNMP response to the CUPS SNMP backend, causing an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is interpreted from UTF-16 to UTF-8 and stored as printer supply ...
CVE-2026-34990
OpenPrinting CUPS (OpenPrinting CUPS) CVE-2026-34990 affects versions 2.4.16 and earlier. A local unprivileged user can coerce cupsd to authenticate to an attacker-controlled localhost IPP service using a reusable Authorization: Local token, enabling /admin/ requests on localhost. By combining CU...
CVE-2026-34979
OpenPrinting CUPS contains a heap-based buffer overflow in the CUPS scheduler’s get_options() when building filter option strings from job attributes, affecting versions 2.4.16 and earlier. The vulnerability is currently unpatched publicly at publication. The CVSS metrics indicate Network attack ...