7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.024 Low
EPSS
Percentile
89.9%
Incomplete blacklist vulnerability in util.c in foomatic-rip in
cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x
allows remote attackers to execute arbitrary commands via ` (backtick)
characters in a print job.
Author | Note |
---|---|
tyhicks | Per Debian, introduced in cups-filters 1.0.42 and foomatic-filters 4.0-20090301 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | cups-filters | < 1.0.52-0ubuntu1.6 | UNKNOWN |
ubuntu | 15.04 | noarch | cups-filters | < 1.0.67-0ubuntu2.5 | UNKNOWN |
ubuntu | 15.10 | noarch | cups-filters | < 1.0.76-1ubuntu0.1 | UNKNOWN |
ubuntu | 12.04 | noarch | foomatic-filters | < 4.0.16-0ubuntu0.3 | UNKNOWN |
ubuntu | 14.04 | noarch | foomatic-filters | < 4.0.17-1+deb7u1ubuntu0.14.04.1 | UNKNOWN |