7 matches found
CVE-2022-26691
CVE-2022-26691 is a privilege-escalation issue in the CUPS printing system caused by a logic error in local authorization. Connected documentation shows affected packages across multiple distributions and versions, with patches released: e.g., cups
CVE-2023-4504
CVE-2023-4504 affects the OpenPrinting CUPS stack and its libppd component, caused by a failure to validate the length of an attacker-crafted PPD PostScript document. This leads to a heap-based buffer overflow, with potential for code execution as described in the fixed release notes. The vulnera...
CVE-2025-58060
Summary: CVE-2025-58060 affects OpenPrinting CUPS and related package updates across Linux distributions, allowing authentication bypass when AuthType is not Basic but the request carries an Authorization: Basic header. The root cause is improper validation in cupsdAuthorize(), which can bypass p...
CVE-2025-58436
OpenPrinting CUPS (printing system) is affected by CVE-2025-58436 prior to version 2.4.15, where a slow client communicating with cupsd could cause the daemon to become unusable for other clients (DoS). The issue has been patched in 2.4.15; multiple advisories reference upgrading to a newer CUPS ...
CVE-2025-58364
OpenPrinting CUPS (versions ≤ 2.4.12) contains a vulnerability where unsafe deserialization/validation of printer attributes leads to a null dereference in libcups, causing remote DoS. Several connected advisories corroborate this, noting local-network exposure in default configurations and that ...
CVE-2025-61915
CVE-2025-61915 affects OpenPrinting CUPS. A user in the lpadmin group can use the cups web UI to alter cupsd.conf, which the root-running cupsd then parses, causing an out-of-bounds write. Impact exists locally (privileges required: HIGH) with potential DoS/compromised availability; patched in ve...
CVE-2026-41079
OpenPrinting CUPS (prior to 2.4.17) is vulnerable to a network-adjacent attacker who can send a crafted SNMP response to the CUPS SNMP backend, causing an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is interpreted from UTF-16 to UTF-8 and stored as printer supply ...